Windows Analysis Report
RUN.exe

Overview

General Information

Sample name: RUN.exe
Analysis ID: 1530965
MD5: 80fb69110342f1a031b10484ea356055
SHA1: 70a77fd61066eaf936feec994301f1c3693c7a28
SHA256: 7c2f43b18bb5f18cb9b8967323a3c68befff6fbf8dceae39f786e8152f493a65
Tags: exeuser-accbarmailch
Infos:

Detection

CredGrabber, Meduza Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected CredGrabber
Yara detected Meduza Stealer
AI detected suspicious sample
Contains functionality to inject code into remote processes
Creates files in alternative data streams (ADS)
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the context of a thread in another process (thread injection)
Self deletion via cmd or bat file
Sigma detected: Suspicious Ping/Del Command Combination
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Sample execution stops while process was sleeping (likely an evasion)
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • RUN.exe (PID: 4592 cmdline: "C:\Users\user\Desktop\RUN.exe" MD5: 80FB69110342F1A031B10484EA356055)
    • RUN.exe (PID: 5320 cmdline: "C:\Users\user\Desktop\RUN.exe" MD5: 80FB69110342F1A031B10484EA356055)
      • cmd.exe (PID: 2752 cmdline: "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\RUN.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 7088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • PING.EXE (PID: 5404 cmdline: ping 1.1.1.1 -n 1 -w 3000 MD5: 2F46799D79D22AC72C241EC0322B011D)
  • cleanup
{"C2 url": "109.107.181.162", "anti_vm": true, "anti_dbg": true, "port": 15666, "build_name": "28", "self_destruct": true, "extensions": "none", "links": "none", "grabber_max_size": 1048576}
Source | Rule | Description | Author | Strings
00000001.00000002.2204235009.0000024213155000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security |
Process Memory Space: RUN.exe PID: 5320 | JoeSecurity_MeduzaStealer | Yara detected Meduza Stealer | Joe Security |
Process Memory Space: RUN.exe PID: 5320 | JoeSecurity_CredGrabber | Yara detected CredGrabber | Joe Security |

        System Summary

        Source: Process started, Author: Ilya Krestinichev, Data: Command: "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\RUN.exe", CommandLine: "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\RUN.exe", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\RUN.exe", ParentImage: C:\Users\user\Desktop\RUN.exe, ParentProcessId: 5320, ParentProcessName: RUN.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\RUN.exe", ProcessId: 2752, ProcessName: cmd.exe
        Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
        2024-10-10T18:22:10.339486+0200 | 2049441 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 109.107.181.162 | 15666 | TCP
        2024-10-10T18:22:10.339486+0200 | 2050806 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 109.107.181.162 | 15666 | TCP
        2024-10-10T18:22:10.344604+0200 | 2050806 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 109.107.181.162 | 15666 | TCP
        2024-10-10T18:22:10.339486+0200 | 2050807 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 109.107.181.162 | 15666 | TCP
        2024-10-10T18:22:10.344604+0200 | 2050807 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 109.107.181.162 | 15666 | TCP

        AV Detection

        Source: C:\Users\user\Desktop\a.exe:extractor.dll, Avira: detection malicious, Label: HEUR/AGEN.1354117
        Source: 1.2.RUN.exe.140000000.0.unpack, Malware Configuration Extractor: Meduza Stealer {"C2 url": "109.107.181.162", "anti_vm": true, "anti_dbg": true, "port": 15666, "build_name": "28", "self_destruct": true, "extensions": "none", "links": "none", "grabber_max_size": 1048576}
        Source: C:\Users\user\Desktop\a.exe:extractor.dll, ReversingLabs: Detection: 41%
        Source: RUN.exe, ReversingLabs: Detection: 65%
        Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.9% probability
        Source: C:\Users\user\Desktop\a.exe:extractor.dll, Joe Sandbox ML: detected
        Source: RUN.exe, Joe Sandbox ML: detected
        Source: C:\Users\user\Desktop\RUN.exe, Code function: 1_2_0000000140070410 CryptUnprotectData,LocalFree
        Source: C:\Users\user\Desktop\RUN.exe, Code function: 1_2_0000000140035BD0 CryptUnprotectData,LocalFree
        Source: unknown, HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.5:49705 version: TLS 1.2
        Source: RUN.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
        Source: C:\Users\user\Desktop\RUN.exe, Code function: 1_2_00000001400B93CC FindClose,FindFirstFileExW,GetLastError,GetCurrentDirectoryW,GetLastError
        Source: C:\Users\user\Desktop\RUN.exe, Code function: 1_2_00000001400B947C GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,GetLastError,GetFileAttributesW,__std_fs_open_handle,CloseHandle
        Source: C:\Users\user\Desktop\RUN.exe, Code function: 1_2_0000000140034D60 FindFirstFileW,FindNextFileW
        Source: C:\Users\user\Desktop\RUN.exe, Code function: 1_2_00000001400D40D8 FindFirstFileW,FindNextFileW
        Source: C:\Users\user\Desktop\RUN.exe, Code function: 1_2_0000000140088D70 GetLogicalDriveStringsW
        Source: C:\Users\user\Desktop\RUN.exe, File opened: D:\sources\migration\
        Source: C:\Users\user\Desktop\RUN.exe, File opened: D:\sources\replacementmanifests\
        Source: C:\Users\user\Desktop\RUN.exe, File opened: D:\sources\migration\wtr\
        Source: C:\Users\user\Desktop\RUN.exe, File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\
        Source: C:\Users\user\Desktop\RUN.exe, File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\
        Source: C:\Users\user\Desktop\RUN.exe, File opened: D:\sources\replacementmanifests\hwvid-migration-2\

        Networking

        Source: Network traffic, Suricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.5:49704 -> 109.107.181.162:15666
        Source: Network traffic, Suricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.5:49704 -> 109.107.181.162:15666
        Source: Network traffic, Suricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.5:49704 -> 109.107.181.162:15666
        Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\PING.EXE ping 1.1.1.1 -n 1 -w 3000
        Source: global traffic, TCP traffic: 192.168.2.5:49704 -> 109.107.181.162:15666
        Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 Accept: text/html; text/plain; */* Host: api.ipify.org Cache-Control: no-cache
        Source: Joe Sandbox View, IP Address: 104.26.12.205 104.26.12.205
        Source: Joe Sandbox View, ASN Name: TELEPORT-TV-ASRU TELEPORT-TV-ASRU
        Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: unknown, DNS query: name: api.ipify.org
        Source: unknown, TCP traffic detected without corresponding DNS query: 109.107.181.162
        Source: C:\Users\user\Desktop\RUN.exe, Code function: 1_2_0000000140070830 Concurrency::cancel_current_task,InternetOpenW,InternetOpenUrlA,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle
        Source: global traffic, DNS traffic detected: DNS query: api.ipify.org
        Source: unknown, Network traffic detected: HTTP traffic on port 49705 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49705
        Source: C:\Users\user\Desktop\RUN.exe, Code function: 0_2_00007FF66B1216A0 memcpy,strlen,strcpy_s,WideCharToMultiByte,strcpy_s,strcpy_s,strcpy_s,_strlwr,_strlwr,strstr,strcmp,CreateFileA,WideCharToMultiByte,strcpy_s,strcpy_s,strcpy_s,_strlwr,_strlwr,strstr,strcmp,NtWriteFile,WideCharToMultiByte,_strlwr,_strlwr,strstr,strcmp,NtClose,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,LdrLoadDll,strcmp,WideCharToMultiByte,_strlwr,_strlwr,strstr,strcmp,WideCharToMultiByte,_strlwr,_strlwr,strstr,strcmp,NtProtectVirtualMemory,remove,FreeLibrary,free,memcpy,WideCharToMultiByte,_strlwr,_strlwr,strstr,strcmp,strcmp,NtProtectVirtualMemory,strcmp,NtProtectVirtualMemory,strcmp,NtProtectVirtualMemory,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,exit
        Source: C:\Users\user\Desktop\RUN.exe, Code function: 0_2_00007FF66B123590 strcmp,strcmp,NtQueryInformationProcess
        Source: C:\Users\user\Desktop\RUN.exe, Code function: 0_2_00007FF66B1225D1 strcmp,NtProtectVirtualMemory,strcmp,NtProtectVirtualMemory,strcmp,NtProtectVirtualMemory,strcmp,strcmp
        Source: C:\Users\user\Desktop\RUN.exe, Code function: 1_2_00000001400D46C0 NtQuerySystemInformation
        Source: C:\Users\user\Desktop\RUN.exe, Code function: 1_2_000000014008B700 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle
        Source: a.exe_extractor.dll.0.dr Static PE information: Number of sections : 11 > 10
        Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@8/2@1/2
        Source: C:\Users\user\Desktop\RUN.exe Code function: 1_2_000000014003B4B0 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,1_2_000000014003B4B0
        Source: C:\Users\user\Desktop\RUN.exe Code function: 1_2_000000014006DAB0 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,SysAllocStringByteLen,SysFreeString,SysAllocStringByteLen,SysFreeString,SysStringByteLen,SysFreeString,SysFreeString,SysStringByteLen,SysFreeString,SysFreeString,1_2_000000014006DAB0
        Source: C:\Users\user\Desktop\RUN.exe File created: C:\Users\user\Desktop\a.exe:extractor.dll
        Source: C:\Users\user\Desktop\RUN.exe Mutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E69638AD8C25F
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7088:120:WilError_03
        Source: RUN.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\RUN.exe File read: C:\Users\user\Desktop\desktop.ini
        Source: C:\Users\user\Desktop\RUN.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: RUN.exe ReversingLabs: Detection: 65%
        Source: RUN.exe String found in binary or memory: --help
        Source: unknown Process created: C:\Users\user\Desktop\RUN.exe "C:\Users\user\Desktop\RUN.exe"
        Source: C:\Users\user\Desktop\RUN.exe Process created: C:\Users\user\Desktop\RUN.exe "C:\Users\user\Desktop\RUN.exe"
        Source: C:\Users\user\Desktop\RUN.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\RUN.exe"
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping 1.1.1.1 -n 1 -w 3000
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: apphelp.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: a.exe:extractor.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: wininet.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: rstrtmgr.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: ncrypt.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: ntasn1.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: mswsock.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: sspicli.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: iertutil.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: winhttp.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: iphlpapi.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: winnsi.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: urlmon.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: srvcli.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: netutils.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: dnsapi.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: rasadhlp.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: fwpuclnt.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: schannel.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: mskeyprotect.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: msasn1.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: dpapi.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: cryptsp.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: rsaenh.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: gpapi.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: ncryptsslp.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: windowscodecs.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: vaultcli.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: propsys.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: edputil.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: windows.staterepositoryps.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: appresolver.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: bcp47langs.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: slc.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: userenv.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: sppc.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: onecorecommonproxystub.dll
        Source: C:\Users\user\Desktop\RUN.exe Section loaded: onecoreuapcommonproxystub.dll
        Source: C:\Windows\System32\PING.EXE Section loaded: iphlpapi.dll
        Source: C:\Windows\System32\PING.EXE Section loaded: winnsi.dll
        Source: C:\Windows\System32\PING.EXE Section loaded: mswsock.dll
        Source: C:\Users\user\Desktop\RUN.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
        Source: C:\Users\user\Desktop\RUN.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
        Source: RUN.exe Static PE information: Image base 0x140000000 > 0x60000000
        Source: RUN.exe Static file information: File size 1549312 > 1048576
        Source: RUN.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x136400
        Source: RUN.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
        Source: RUN.exe Static PE information: section name: .xdata
        Source: a.exe_extractor.dll.0.dr Static PE information: section name: .xdata
        Source: C:\Users\user\Desktop\RUN.exe Code function: 0_2_00007FF66B2991B0 push 01130064h; iretd 0_2_00007FF66B2991BA
        Source: C:\Users\user\Desktop\RUN.exe File created: C:\Users\user\Desktop\a.exe:extractor.dll

        Hooking and other Techniques for Hiding and Protection

        Source: C:\Users\user\Desktop\RUN.exe File created: C:\Users\user\Desktop\a.exe:extractor.dll
        Source: C:\Users\user\Desktop\RUN.exe Process created: "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\RUN.exe"
        Source: C:\Users\user\Desktop\RUN.exe Process information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping 1.1.1.1 -n 1 -w 3000
        Source: C:\Users\user\Desktop\RUN.exe API coverage: 7.7 %
        Source: C:\Users\user\Desktop\RUN.exe API coverage: 4.3 %
        Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
        Source: C:\Users\user\Desktop\RUN.exe Code function: 1_2_00000001400B93CC FindClose,FindFirstFileExW,GetLastError,GetCurrentDirectoryW,GetLastError,1_2_00000001400B93CC
        Source: C:\Users\user\Desktop\RUN.exe Code function: 1_2_00000001400B947C GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,GetLastError,GetFileAttributesW,__std_fs_open_handle,CloseHandle,1_2_00000001400B947C
        Source: C:\Users\user\Desktop\RUN.exe Code function: 1_2_0000000140034D60 FindFirstFileW,FindNextFileW,1_2_0000000140034D60
        Source: C:\Users\user\Desktop\RUN.exe Code function: 1_2_00000001400D40D8 FindFirstFileW,FindNextFileW,1_2_00000001400D40D8
        Source: C:\Users\user\Desktop\RUN.exe Code function: 1_2_0000000140088D70 GetLogicalDriveStringsW,1_2_0000000140088D70
        Source: C:\Users\user\Desktop\RUN.exe Code function: 1_2_00000001400D4118 CloseHandle,GetSystemInfo,ReleaseMutex,OpenMutexA,GetModuleFileNameA,SetHandleInformation,1_2_00000001400D4118
        Source: C:\Users\user\Desktop\RUN.exe File opened: D:\sources\migration\
        Source: C:\Users\user\Desktop\RUN.exe File opened: D:\sources\replacementmanifests\
        Source: C:\Users\user\Desktop\RUN.exe File opened: D:\sources\migration\wtr\
        Source: C:\Users\user\Desktop\RUN.exe File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\
        Source: C:\Users\user\Desktop\RUN.exe File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\
        Source: C:\Users\user\Desktop\RUN.exe File opened: D:\sources\replacementmanifests\hwvid-migration-2\
        Source: C:\Users\user\Desktop\RUN.exe Process information queried: ProcessInformation
        Source: C:\Users\user\Desktop\RUN.exe Code function: 0_2_00007FF66B1216A0 memcpy,strlen,strcpy_s,WideCharToMultiByte,strcpy_s,strcpy_s,strcpy_s,_strlwr,_strlwr,strstr,strcmp,CreateFileA,WideCharToMultiByte,strcpy_s,strcpy_s,strcpy_s,_strlwr,_strlwr,strstr,strcmp,NtWriteFile,WideCharToMultiByte,_strlwr,_strlwr,strstr,strcmp,NtClose,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,LdrLoadDll,strcmp,WideCharToMultiByte,_strlwr,_strlwr,strstr,strcmp,WideCharToMultiByte,_strlwr,_strlwr,strstr,strcmp,NtProtectVirtualMemory,remove,FreeLibrary,free,memcpy,WideCharToMultiByte,_strlwr,_strlwr,strstr,strcmp,strcmp,NtProtectVirtualMemory,strcmp,NtProtectVirtualMemory,strcmp,NtProtectVirtualMemory,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,exit,0_2_00007FF66B1216A0
        Source: C:\Users\user\Desktop\RUN.exe Code function: 1_2_00000001400BB8D4 GetLastError,IsDebuggerPresent,OutputDebugStringW,1_2_00000001400BB8D4
        Source: C:\Users\user\Desktop\RUN.exe Code function: 0_2_00007FF66B121180 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_initterm,GetStartupInfoA,0_2_00007FF66B121180
        Source: C:\Users\user\Desktop\RUN.exe Code function: 0_2_00007FF66B29D3B8 SetUnhandledExceptionFilter,0_2_00007FF66B29D3B8
        Source: C:\Users\user\Desktop\RUN.exe Code function: 0_2_00007FF66B14365A SetUnhandledExceptionFilter,0_2_00007FF66B14365A
        Source: C:\Users\user\Desktop\RUN.exe Code function: 1_2_0000000140096A38 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_0000000140096A38
        Source: C:\Users\user\Desktop\RUN.exe Code function: 1_2_00000001400D42B8 SetUnhandledExceptionFilter,1_2_00000001400D42B8
        Source: C:\Users\user\Desktop\RUN.exe Code function: 1_2_00007FF66B121180 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_initterm,GetStartupInfoA,1_2_00007FF66B121180

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Users\user\Desktop\RUN.exe | Code function: 0_2_00007FF8A8E01690 LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleFileNameA,CreateProcessA,FreeLibrary,FreeLibrary,FreeLibrary,VirtualAlloc,GetThreadContext,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,WaitForSingleObject
        Source: C:\Users\user\Desktop\RUN.exe | Memory written: C:\Users\user\Desktop\RUN.exe base: 140000000 value starts with: 4D5A
        Source: C:\Users\user\Desktop\RUN.exe | Thread register set: target process: 5320
        Source: C:\Users\user\Desktop\RUN.exe | Process created: C:\Users\user\Desktop\RUN.exe "C:\Users\user\Desktop\RUN.exe"
        Source: C:\Users\user\Desktop\RUN.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\RUN.exe"
        Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\PING.EXE ping 1.1.1.1 -n 1 -w 3000
        Source: C:\Users\user\Desktop\RUN.exe | Code function: 0_2_00007FF66B124B40 cpuid
        Source: C:\Users\user\Desktop\RUN.exe | Code function: 1_2_00000001400A3090 GetLocaleInfoW
        Source: C:\Users\user\Desktop\RUN.exe | Code function: 1_2_00000001400AE120 EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW
        Source: C:\Users\user\Desktop\RUN.exe | Code function: 1_2_00000001400ADA38 EnumSystemLocalesW
        Source: C:\Users\user\Desktop\RUN.exe | Code function: 1_2_00000001400ADB08 EnumSystemLocalesW
        Source: C:\Users\user\Desktop\RUN.exe | Code function: 1_2_00000001400A2B4C EnumSystemLocalesW
        Source: C:\Users\user\Desktop\RUN.exe | Code function: 1_2_00000001400D43A0 GetLocaleInfoW
        Source: C:\Users\user\Desktop\RUN.exe | Code function: 1_2_00000001400D43B8 EnumSystemLocalesW
        Source: C:\Users\user\Desktop\RUN.exe | Code function: 1_2_00000001400AD6EC TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW
        Source: C:\Users\user\Desktop\RUN.exe | Code function: 1_2_00000001400ADF44 GetLocaleInfoW,GetLocaleInfoW,GetACP
        Source: C:\Users\user\Desktop\RUN.exe | Code function: 1_2_00000001400B8FC4 GetLocaleInfoEx,FormatMessageA
        Source: C:\Users\user\Desktop\RUN.exe | Queries volume information: C:\ VolumeInformation
        Source: C:\Users\user\Desktop\RUN.exe | Queries volume information: C:\ VolumeInformation
        Source: C:\Users\user\Desktop\RUN.exe | Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyName
        Source: C:\Users\user\Desktop\RUN.exe | Code function: 1_2_00000001400B40E8 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter

        Stealing of Sensitive Information

        Source: Yara match | File source: Process Memory Space: RUN.exe PID: 5320, type: MEMORYSTR
        Source: Yara match | File source: 00000001.00000002.2204235009.0000024213155000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: Process Memory Space: RUN.exe PID: 5320, type: MEMORYSTR
        Source: RUN.exe, 00000001.00000002.2204235009.0000024213155000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Electrum-LTC\wallets
        Source: RUN.exe, 00000001.00000002.2204235009.0000024213155000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: ElectronCash\wallets
        Source: RUN.exe, 00000001.00000002.2204235009.0000024213155000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Exodus\exodus.wallet
        Source: RUN.exe, 00000001.00000002.2204235009.0000024213155000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Ethereum\keystore
        Source: RUN.exe, 00000001.00000002.2204235009.0000024213155000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Ethereum\keystore
        Source: C:\Users\user\Desktop\RUN.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
        Source: C:\Users\user\Desktop\RUN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
        Source: C:\Users\user\Desktop\RUN.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
        Source: C:\Users\user\Desktop\RUN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001
        Source: C:\Users\user\Desktop\RUN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
        Source: C:\Users\user\Desktop\RUN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
        Source: C:\Users\user\Desktop\RUN.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
        Source: C:\Users\user\Desktop\RUN.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
        Source: C:\Users\user\Desktop\RUN.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
        Source: C:\Users\user\Desktop\RUN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
        Source: C:\Users\user\Desktop\RUN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Users\user\Desktop\RUN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
        Source: C:\Users\user\Desktop\RUN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Users\user\Desktop\RUN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
        Source: C:\Users\user\Desktop\RUN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK
        Source: C:\Users\user\Desktop\RUN.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Users\user\Desktop\RUN.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
        Source: C:\Users\user\Desktop\RUN.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
        Source: C:\Users\user\Desktop\RUN.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
        Source: C:\Users\user\Desktop\RUN.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

        Remote Access Functionality

        Source: Yara match | File source: Process Memory Space: RUN.exe PID: 5320, type: MEMORYSTR
        Source: Yara match | File source: 00000001.00000002.2204235009.0000024213155000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: Process Memory Space: RUN.exe PID: 5320, type: MEMORYSTR

        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 11 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
        Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 311 Process Injection | 3 Obfuscated Files or Information | LSASS Memory | 4 File and Directory Discovery | Remote Desktop Protocol | 2 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 34 System Information Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 File Deletion | NTDS | 121 Security Software Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 2 Process Discovery | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 311 Process Injection | Cached Domain Credentials | 1 Remote System Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
        DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 NTFS File Attributes | DCSync | 11 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery

        Source | Detection | Scanner | Label
        RUN.exe | 66% | ReversingLabs | Win64.Spyware.Meduzastealer
        RUN.exe | 100% | Joe Sandbox ML |

        Source | Detection | Scanner | Label
        C:\Users\user\Desktop\a.exe:extractor.dll | 100% | Avira | HEUR/AGEN.1354117
        C:\Users\user\Desktop\a.exe:extractor.dll | 100% | Joe Sandbox ML |
        C:\Users\user\Desktop\a.exe:extractor.dll | 42% | ReversingLabs | Win64.Trojan.Generic

        No Antivirus matches
        No Antivirus matches

        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        api.ipify.org | 104.26.12.205 | true | false | | unknown

        Name | Malicious | Antivirus Detection | Reputation
        https://api.ipify.org/ | false | URL Reputation: safe | unknown

        IP | Domain | Country | ASN | ASN Name | Malicious
        104.26.12.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
        109.107.181.162 | unknown | Russian Federation | 49973 | TELEPORT-TV-ASRU | true

        Joe Sandbox version: 41.0.0 Charoite
        Analysis ID: 1530965
        Start date and time: 2024-10-10 18:21:14 +02:00
        Joe Sandbox product: CloudBasic
        Overall analysis duration: 0h 6m 4s
        Hypervisor based Inspection enabled: false
        Report type: full
        Cookbook file name: default.jbs
        Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed: 8
        Number of new started drivers analysed: 0
        Number of existing processes analysed: 0
        Number of existing drivers analysed: 0
        Number of injected processes analysed: 0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode: default
        Analysis stop reason: Timeout
        Sample name: RUN.exe
        Detection: MAL
        Classification: mal100.troj.spyw.evad.winEXE@8/2@1/2
        EGA Information:
        • Successful, ratio: 100%
        HCA Information:
        • Successful, ratio: 67%
        • Number of executed functions: 53
        • Number of non-executed functions: 133
        Cookbook Comments:
        • Found application associated with file extension: .exe
        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
        • Excluded domains from analysis (whitelisted): www.bing.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, crl3.digicert.com, fe3cr.delivery.mp.microsoft.com
        • Not all processes where analyzed, report is missing behavior information
        • Report size exceeded maximum capacity and may have missing disassembly code.
        • Report size exceeded maximum capacity and may have missing network information.
        • Report size getting too big, too many NtOpenKeyEx calls found.
        • Report size getting too big, too many NtProtectVirtualMemory calls found.
        • Report size getting too big, too many NtQueryValueKey calls found.
        • VT rate limit hit for: RUN.exe
        No simulations
                            Process:C:\Users\user\Desktop\RUN.exe
                            File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                            Category:dropped
                            Size (bytes):1246720
                            Entropy (8bit):7.387585508857993
                            Encrypted:false
                            SSDEEP:24576:btYuDxnwgAJNpS3m/Oio5exC2B+dXSez3ZnzP8/brYkp6jH6BQQFS:btYYxnw5WiqexC/CmpzP8TrD6LSQ8S
                            MD5:C28352A57EDBEEFD21AAA2D0E435C8BC
                            SHA1:40B3A04DE7A16A5CF46418776A02F452BC4E97D2
                            SHA-256:D104CFA64890074D2921F29E164D6D16576B540217597EA961FF668F1F901AA4
                            SHA-512:A4F7F32206BD2A46D7F7FE5B8035E41E10AF68FDBB712916464A1D6073C2B308B8A7C449369B0197A28C47066F02C4F164FC6444B9044077B13D62D93A462B50
                            Malicious:true
                            Antivirus:
                            • Antivirus: Avira, Detection: 100%
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            • Antivirus: ReversingLabs, Detection: 42%
                            Reputation:low
                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...&X.f..........."...)............`.........'..............................p......b.....`... ...................................... .......0...............................`..............................@...(...................@2...............................text...............................`..`.data........0......................@....rdata...........0..................@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata....... ......................@..@.idata.......0......................@....CRT....X....@......................@....tls.........P......................@....reloc.......`......................@..B........................................................................................................................................................................
                            Process:C:\Windows\System32\PING.EXE
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):275
                            Entropy (8bit):4.825671547285939
                            Encrypted:false
                            SSDEEP:6:PzXULmWxHLTpUrS/PaGbsW3CNcwAFeMmvVOIHJFxMVlmJHaVF6Sb6et2:P+pTpcOaGbsTDAFSkIrxMVlmJHaVG
                            MD5:641296DA83CC331C68F284455BBFEBF8
                            SHA1:A80B039410356B5154E077F4777B855D97D5BED7
                            SHA-256:DF538CBB7A4C10509D7942ABC5DF083E6A03B021AA74FBAC1290B450D7815B52
                            SHA-512:703BD4842D28E5A5151CF55F46AA105DE7D3B840E9CCDE6748D472521BA3023331049BB926A494C40415B08CE2C0C125515C1B21F52B3D16DA48EE2092806475
                            Malicious:false
                            Reputation:low
                            Preview:..Pinging 1.1.1.1 with 32 bytes of data:..Reply from 1.1.1.1: bytes=32 time=7ms TTL=51....Ping statistics for 1.1.1.1:.. Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 7ms, Maximum = 7ms, Average = 7ms..
                            File type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                            Entropy (8bit):7.700688005463953
                            TrID:
                            • Win64 Executable (generic) (12005/4) 74.95%
                            • Generic Win/DOS Executable (2004/3) 12.51%
                            • DOS Executable Generic (2002/1) 12.50%
                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.04%
                            File name:RUN.exe
                            File size:1'549'312 bytes
                            MD5:80fb69110342f1a031b10484ea356055
                            SHA1:70a77fd61066eaf936feec994301f1c3693c7a28
                            SHA256:7c2f43b18bb5f18cb9b8967323a3c68befff6fbf8dceae39f786e8152f493a65
                            SHA512:bfacbb61f1c68e0b4e5d7a249512f839933377acb0070d865d202947e948a7e74f84cc55618adfb34a205f8de466ee43962f087aaa27beac5d09f57497783d23
                            SSDEEP:24576:K9hSDFEfJ3HW802gQzSMZs8A+xoZYqPLYnNBa1ndKFyzqxVAPI4WTG+G0lzOp91v:K9hMFEfVHW802gQmMZs8A+uX0nNBvFy5
                            TLSH:FD65F10B57972AFCC267E03493CA9F7A6E70F81E1B107C1645E0DEB30E35D24DA6526A
                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...<X.f...............).......................@..........................................`... ............................
                            Icon Hash:00928e8e8686b000
                            Entrypoint:0x1400014a0
                            Entrypoint Section:.text
                            Digitally signed:false
                            Imagebase:0x140000000
                            Subsystem:windows gui
                            Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED
                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
                            Time Stamp:0x66F5583C [Thu Sep 26 12:49:00 2024 UTC]
                            TLS Callbacks:0x4001a7c0, 0x1, 0x4001a790, 0x1
                            CLR (.Net) Version:
                            OS Version Major:4
                            OS Version Minor:0
                            File Version Major:4
                            File Version Minor:0
                            Subsystem Version Major:4
                            Subsystem Version Minor:0
                            Import Hash:bd57c285d6a5e2a5490823348902be43
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x17d000 | 0xbb0 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x176000 | 0x2634 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x180000 | 0x450 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x173040 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x17d2e8 | 0x2a8 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x3ce18 | 0x3d000 | 6e3207b6e738c849357d5cc5eadff8f5 | False | 0.3964203381147541 | DIY-Thermocam raw data (Lepton 2.x), scale -5159-26214, spot sensor temperature -0.000000, unit celsius, color scheme 0, calibration: offset 8.007583, slope 13.390952 | 6.121933916474792 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x230 | 0x400 | 54c30bd056bad3a2a28d7d4e5d30c026 | False | 0.1123046875 | data | 0.9014923988224003 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x3f000 | 0x136240 | 0x136400 | c4e8387490b00edbfe5e55bc0eea5211 | False | 0.7592021932917002 | data | 7.8041323006894245 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.pdata | 0x176000 | 0x2634 | 0x2800 | 3d077addb5b9a56e335cae2add5f2ca8 | False | 0.49375 | data | 5.445951049867053 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.xdata | 0x179000 | 0x2984 | 0x2a00 | 82c16b01093b8ab3fc164d6e79cda362 | False | 0.17587425595238096 | data | 4.481152417575644 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.bss | 0x17c000 | 0xbd0 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x17d000 | 0xbb0 | 0xc00 | 95bb611cbd1c7694140dd24d8126f798 | False | 0.3375651041666667 | data | 4.315543083234784 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.CRT | 0x17e000 | 0x60 | 0x200 | fd16bfa12c0ef660ea7cd3b9d9add3cb | False | 0.068359375 | data | 0.3124937745953951 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x17f000 | 0x10 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x180000 | 0x450 | 0x600 | edb4e248f94038a54b345b54a71fc33c | False | 0.490234375 | data | 4.576743614039055 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
DLL | Import
KERNEL32.dll | CloseHandle, DeleteCriticalSection, EnterCriticalSection, FormatMessageA, FreeLibrary, GetCurrentProcess, GetExitCodeProcess, GetLastError, GetModuleHandleW, GetProcAddress, GetStartupInfoA, GetThreadId, InitializeCriticalSection, IsDBCSLeadByteEx, LeaveCriticalSection, LoadLibraryW, LocalFree, MultiByteToWideChar, Process32First, Process32Next, RaiseException, RtlCaptureContext, RtlLookupFunctionEntry, RtlUnwindEx, RtlVirtualUnwind, SetLastError, SetUnhandledExceptionFilter, Sleep, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryEnterCriticalSection, VirtualProtect, VirtualQuery, WideCharToMultiByte
msvcrt.dll | __C_specific_handler, ___lc_codepage_func, ___mb_cur_max_func, __getmainargs, __initenv, __iob_func, __set_app_type, __setusermatherr, _acmdln, _amsg_exit, _cexit, _commode, _errno, _fmode, _initterm, _onexit, _strlwr, abort, calloc, exit, fprintf, fputc, fputs, free, fwrite, getenv, localeconv, malloc, memchr, memcmp, memcpy, memmove, memset, realloc, remove, signal, strchr, strcmp, strcpy_s, strerror, strlen, strncmp, strstr, strtoul, vfprintf, wcslen, _read
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-10T18:22:10.339486+0200 | 2049441 | ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt | 1 | 192.168.2.5 | 49704 | 109.107.181.162 | 15666 | TCP
2024-10-10T18:22:10.339486+0200 | 2050806 | ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 | 1 | 192.168.2.5 | 49704 | 109.107.181.162 | 15666 | TCP
2024-10-10T18:22:10.339486+0200 | 2050807 | ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) | 1 | 192.168.2.5 | 49704 | 109.107.181.162 | 15666 | TCP
2024-10-10T18:22:10.344604+0200 | 2050806 | ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 | 1 | 192.168.2.5 | 49704 | 109.107.181.162 | 15666 | TCP
2024-10-10T18:22:10.344604+0200 | 2050807 | ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) | 1 | 192.168.2.5 | 49704 | 109.107.181.162 | 15666 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                            Oct 10, 2024 18:22:10.370198011 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.370212078 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.370223999 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.370237112 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.370239019 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.370271921 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.370295048 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.370376110 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.370419025 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.370455027 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.370467901 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.370495081 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.370522022 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.370785952 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.370800018 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.370811939 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.370834112 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.370851994 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.370887995 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.370973110 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.370985985 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.371017933 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.371038914 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.371045113 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.371058941 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.371099949 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.371125937 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.371332884 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.371345997 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.371388912 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.371402979 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.371409893 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.371423006 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.371453047 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.371464014 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.371479034 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.371496916 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.371530056 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.371584892 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.371598005 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.371611118 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.371623039 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.371623993 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.371670008 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.371674061 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.371732950 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.374705076 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.374758959 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.374763012 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.374790907 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.374809980 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.374836922 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.374995947 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.375021935 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.375045061 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.375047922 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.375072002 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.375075102 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.375097990 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.375108957 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.375133038 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.375143051 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.375144958 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.375171900 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.375195026 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.375199080 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.375221014 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.375222921 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.375250101 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.375250101 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.375267029 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.375277042 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.375296116 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.375303030 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.375324965 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.375353098 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.375366926 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.375411034 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.375422955 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.375447989 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.375472069 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.375474930 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.375502110 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.375503063 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.375530005 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.375550032 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.375706911 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.375730991 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.375756025 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.375766039 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.375787020 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.375803947 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.375917912 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.375968933 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.375998974 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.376024008 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.376050949 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.376051903 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.376071930 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.376100063 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.376487017 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.376512051 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.376538038 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.376552105 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.376571894 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.376591921 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.376620054 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.376646042 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.376667976 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.376669884 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.376692057 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.376694918 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.376724005 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.376749992 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.376754999 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.376779079 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.376797915 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.376802921 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.376827955 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.376838923 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.376852036 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.376854897 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.376880884 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.376883030 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.376907110 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.376926899 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380120039 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380148888 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380172968 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380182981 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380204916 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380206108 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380224943 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380261898 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380379915 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380405903 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380429983 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380434036 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380450010 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380458117 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380476952 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380501032 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380503893 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380530119 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380554914 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380577087 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380578995 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380603075 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380625010 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380626917 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380656958 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380671978 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380676985 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380697966 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380722046 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380729914 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380748987 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380767107 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380779982 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380804062 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380826950 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380832911 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380846024 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380851984 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380865097 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380876064 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380898952 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380917072 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380918980 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380944967 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380968094 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380968094 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.380990028 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.380994081 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.381022930 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.381031990 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.381046057 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.381057024 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.381081104 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.381102085 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.381211042 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.381258011 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.381423950 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.381474018 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.381522894 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.381577015 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.381613016 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.381656885 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.381901979 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.381961107 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.382050037 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.382075071 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.382097006 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.382097960 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.382122993 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.382143974 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.382155895 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.382203102 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.382276058 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.382301092 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.382324934 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.382327080 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.382353067 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.382369995 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.382371902 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.382396936 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.382419109 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.382421970 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.382447004 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.382452011 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.382472992 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.382479906 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.382509947 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.382527113 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.385401011 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.385421991 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.385433912 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.385445118 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.385458946 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.385464907 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.385474920 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.385490894 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.385514975 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.385531902 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.385854959 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.385907888 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.385912895 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.385960102 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.386054993 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386106014 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.386167049 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386182070 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386194944 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386219978 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.386248112 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.386459112 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386472940 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386485100 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386498928 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386508942 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.386543036 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386557102 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386562109 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.386598110 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.386758089 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386771917 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386784077 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386795998 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386807919 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386810064 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.386821032 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386835098 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386847019 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386852980 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.386872053 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386873007 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.386885881 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386898994 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386902094 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.386910915 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386921883 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.386924982 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386939049 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386950970 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386951923 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.386964083 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386976957 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.386982918 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.387006044 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.387021065 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.387120008 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.387132883 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.387156963 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.387168884 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.387171984 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.387197018 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.387212992 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.538398981 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.538410902 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.538425922 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.538429976 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.538459063 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.538463116 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.538475990 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.538481951 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.538517952 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.538523912 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.538536072 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.538542032 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.538549900 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.538573980 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.538595915 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.538649082 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.538697004 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.538908005 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.538921118 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.538933039 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.538959026 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.538988113 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.539117098 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539130926 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539141893 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539154053 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539170027 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.539206982 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.539212942 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539222002 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.539227962 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539242029 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539253950 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539264917 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539268017 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.539293051 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.539328098 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.539730072 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539743900 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539755106 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539760113 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539772034 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539779902 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.539784908 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539798021 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539809942 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539812088 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.539822102 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539834976 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539846897 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539849043 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.539860010 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539870977 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539877892 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.539884090 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539899111 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539911032 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539911032 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.539922953 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539932013 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.539937019 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539949894 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539962053 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539968014 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.539974928 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539987087 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.539994001 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.540000916 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.540013075 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.540015936 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.540026903 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.540040970 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.540041924 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.540071964 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.540086031 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.542867899 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.542915106 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.542921066 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.542960882 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.543023109 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543035984 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543049097 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543060064 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543068886 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.543107986 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.543148994 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543162107 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543173075 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543184996 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543196917 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.543243885 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.543330908 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543344021 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543354988 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543365955 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543379068 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543379068 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.543417931 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543417931 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.543431997 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543443918 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543451071 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.543456078 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543467999 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543494940 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.543507099 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.543517113 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543529987 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543536901 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.543559074 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.543584108 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543591022 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.543597937 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543610096 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543622017 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543634892 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543646097 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543648958 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.543658972 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543670893 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543684006 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543687105 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.543725014 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.543751001 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.543859005 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543870926 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543881893 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.543929100 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.543955088 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.544051886 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.544099092 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.544190884 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.544204950 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.544217110 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.544228077 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.544239998 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.544240952 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.544255018 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.544272900 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.544320107 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.544322968 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.544337034 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.544370890 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.544403076 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.544608116 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.544620991 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.544651985 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.544678926 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.588241100 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.588500977 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.588624954 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.588648081 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.615432024 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.615652084 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.615761042 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.615791082 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.620768070 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.620848894 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.620873928 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.620874882 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.620894909 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.620927095 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.620944023 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.620954037 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.620980978 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.620982885 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.621007919 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.621009111 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.621032953 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.621032953 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.621057987 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.621058941 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.621078014 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.621097088 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.621102095 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.621126890 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.621146917 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.621150970 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.621174097 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.621176004 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.621201038 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.621217966 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.621217966 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.621243000 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.621263027 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.621267080 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.621283054 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.621290922 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.621309996 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.621318102 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.621334076 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.621355057 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.664170980 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.664413929 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.664532900 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.664561987 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.672950983 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.673130989 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.673213959 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.673243999 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.678191900 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678210974 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678224087 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678237915 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678267002 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.678277016 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678313017 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.678334951 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.678358078 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678402901 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.678412914 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678426981 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678457022 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.678483963 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.678493977 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678508997 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678520918 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678533077 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678536892 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.678545952 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678558111 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678565979 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.678571939 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678586006 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678596973 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.678600073 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678613901 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678617001 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.678638935 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678652048 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678653002 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.678663969 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678667068 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.678680897 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678695917 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.678716898 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678719997 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.678730965 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678742886 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678754091 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678769112 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.678807020 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.678843021 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678854942 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678879023 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.678888083 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678900003 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678916931 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.678930044 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.678931952 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678945065 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.678953886 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.678972960 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.679002047 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.679004908 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.679014921 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.679028988 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.679040909 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.679047108 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.679053068 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.679070950 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.679095984 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.679119110 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.679133892 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.679145098 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.679168940 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.679194927 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.679198027 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.679208994 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.679220915 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.679234028 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.679236889 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.679246902 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.679259062 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.679264069 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.679291010 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.679320097 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.955955029 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.956125021 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.957709074 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.957818031 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.957832098 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.957858086 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.957932949 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.957981110 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.958956003 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.959041119 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.962150097 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.963056087 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.963148117 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.963223934 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.963434935 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.963507891 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.963538885 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.963553905 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.963604927 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.963634968 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.963753939 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.963808060 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.964277983 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.964579105 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.964680910 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.964798927 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.964812040 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.964859009 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.964903116 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.964915991 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.964930058 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.964970112 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.964992046 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.965080023 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.965282917 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.965295076 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.965351105 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.965475082 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.965487957 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.965537071 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.968791962 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.970670938 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.970683098 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.970695019 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:10.970837116 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.970923901 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:10.970968962 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:11.012115002 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:11.015027046 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:11.015151978 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:11.015202045 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:11.015261889 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:11.064179897 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:11.064971924 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:11.065092087 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:11.065184116 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:11.065259933 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:11.112273932 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:11.113213062 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:11.113334894 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:11.113405943 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:11.113472939 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:11.160449028 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:11.160875082 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:11.160959959 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:11.161012888 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:11.161076069 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:11.209111929 CEST1566649704109.107.181.162192.168.2.5
                            Oct 10, 2024 18:22:11.211886883 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:11.212013960 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:11.212085962 CEST4970415666192.168.2.5109.107.181.162
                            Oct 10, 2024 18:22:11.212174892 CEST4970415666192.168.2.5109.107.181.162
                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                            Oct 10, 2024 18:22:04.073616982 CEST | 192.168.2.5 | 1.1.1.1 | 0x65da | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false

                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                            Oct 10, 2024 18:22:04.081321001 CEST | 1.1.1.1 | 192.168.2.5 | 0x65da | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
                            Oct 10, 2024 18:22:04.081321001 CEST | 1.1.1.1 | 192.168.2.5 | 0x65da | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
                            Oct 10, 2024 18:22:04.081321001 CEST | 1.1.1.1 | 192.168.2.5 | 0x65da | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            0 | 192.168.2.5 | 49705 | 104.26.12.205 | 443 | 5320 | C:\Users\user\Desktop\RUN.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-10-10 16:22:04 UTC | 100 | OUT | GET / HTTP/1.1
                            Accept: text/html; text/plain; */*
                            Host: api.ipify.org
                            Cache-Control: no-cache
                            2024-10-10 16:22:04 UTC | 211 | IN | HTTP/1.1 200 OK
                            Date: Thu, 10 Oct 2024 16:22:04 GMT
                            Content-Type: text/plain
                            Content-Length: 11
                            Connection: close
                            Vary: Origin
                            CF-Cache-Status: DYNAMIC
                            Server: cloudflare
                            CF-RAY: 8d07f277a8a715a3-EWR
                            2024-10-10 16:22:04 UTC | 11 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33
                            Data Ascii: 8.46.123.33



                            Target ID:0
                            Start time:12:22:03
                            Start date:10/10/2024
                            Path:C:\Users\user\Desktop\RUN.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Users\user\Desktop\RUN.exe"
                            Imagebase:0x7ff66b120000
                            File size:1'549'312 bytes
                            MD5 hash:80FB69110342F1A031B10484EA356055
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:low
                            Has exited:true

                            Target ID:1
                            Start time:12:22:03
                            Start date:10/10/2024
                            Path:C:\Users\user\Desktop\RUN.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Users\user\Desktop\RUN.exe"
                            Imagebase:0x7ff66b120000
                            File size:1'549'312 bytes
                            MD5 hash:80FB69110342F1A031B10484EA356055
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Yara matches:
                            • Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000001.00000002.2204235009.0000024213155000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                            Reputation:low
                            Has exited:true

                            Target ID:4
                            Start time:12:22:20
                            Start date:10/10/2024
                            Path:C:\Windows\System32\cmd.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\user\Desktop\RUN.exe"
                            Imagebase:0x7ff79bae0000
                            File size:289'792 bytes
                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            Target ID:5
                            Start time:12:22:20
                            Start date:10/10/2024
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff6d64d0000
                            File size:862'208 bytes
                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            Target ID:6
                            Start time:12:22:20
                            Start date:10/10/2024
                            Path:C:\Windows\System32\PING.EXE
                            Wow64 process (32bit):false
                            Commandline:ping 1.1.1.1 -n 1 -w 3000
                            Imagebase:0x7ff762530000
                            File size:22'528 bytes
                            MD5 hash:2F46799D79D22AC72C241EC0322B011D
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:moderate
                            Has exited:true


                              Execution Graph

                              Execution Coverage:2%
                              Dynamic/Decrypted Code Coverage:0%
                              Signature Coverage:11%
                              Total number of Nodes:136
                              Total number of Limit Nodes:8
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: _strlwrstrcpy_s$strcmp$ByteCharMultiWidestrstr$AddressFileLoadProcmemcpy$CloseCreateLibraryWritemallocstrlen
                              • String ID: .dll$CreateFikernel32NtWriteFNtClose$Execute$LdrLoadDll$LdrUnloa$Memo$RtlInitUnicodeString$a.ex$a.exe:extractor.dll$basic_string: construction from null is not valid$dDll$eggg$eggg$eggg$ile$leA$ntdll.dll
                              • API String ID: 3908421497-1771683211
                              • Opcode ID: 1d5c80d7f578658f1db0f5277519c231cd3791395f39275dc7edbb7f11f061e5
                              • Instruction ID: f0c55f654fb0262469a9a0a16761cfb21c1191073640262951bb05bf0221e543
                              • Opcode Fuzzy Hash: 1d5c80d7f578658f1db0f5277519c231cd3791395f39275dc7edbb7f11f061e5
                              • Instruction Fuzzy Hash: AEE27E72A08681D2EA60CF15E5403AEB7B1FB8DB88F444135DA8D8BBA4DF3DE555CB40

                              Control-flow Graph

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              • Associated: 00000000.00000002.2027607080.00007FF8A8E00000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027706128.00007FF8A8E23000.00000008.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027823027.00007FF8A8F2B000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027875456.00007FF8A8F2C000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027915634.00007FF8A8F32000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027982924.00007FF8A8F33000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2028035847.00007FF8A8F36000.00000002.00000001.01000000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff8a8e00000_RUN.jbxd
                              Similarity
                              • API ID: AddressLibraryProcProcess$MemoryThreadWrite$AllocContextFreeLoadVirtual$CreateFileModuleNameObjectResumeSingleWait
                              • String ID: @$VirtualA$kernel32ntdll.dlCreatePr$lloc
                              • API String ID: 4114231647-2595456714
                              • Opcode ID: c329c931c8ad2b0ca9eb779051fbe313b7b61dcb5e19165ce24ae72118e02771
                              • Instruction ID: 80d666b05241bf4d2cba3613573b29c833cd9173ebdb130697ec57ca450bceaa
                              • Opcode Fuzzy Hash: c329c931c8ad2b0ca9eb779051fbe313b7b61dcb5e19165ce24ae72118e02771
                              • Instruction Fuzzy Hash: 26914D32619B8196E760CB26F8447AAB7A0FB88BC4F444125DECD47B68DF7CD185CB14

                              Control-flow Graph

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: strcmp$malloc$CaptureContextMemoryProtectUnwindVirtualabort
                              • String ID: basic_string: construction from null is not valid
                              • API String ID: 3335607169-2991274800
                              • Opcode ID: 889d683e3c19fa97c71aa7ba89f5e1bee264d1ba4f57934af643f07797ff3aa9
                              • Instruction ID: 7301dce3695bb8410103f2f1d48fa26031193890e49ebb690b035665e15fdaff
                              • Opcode Fuzzy Hash: 889d683e3c19fa97c71aa7ba89f5e1bee264d1ba4f57934af643f07797ff3aa9
                              • Instruction Fuzzy Hash: BF025C72A18AC2E2EA609F15E4403EEB7B0FB89748F444235DA8D8B764DF3DE555CB40

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: malloc$ExceptionFilterInfoSleepStartupUnhandledmemcpystrlen
                              • String ID:
                              • API String ID: 649803965-0
                              • Opcode ID: b9ea7d52b2d10031b6286852ea58a9678844d50c5c92490324d83c833a674caa
                              • Instruction ID: 40285270dd5618db527838b444bed773944cfd889e0e229adda1050ccb7c7fe5
                              • Opcode Fuzzy Hash: b9ea7d52b2d10031b6286852ea58a9678844d50c5c92490324d83c833a674caa
                              • Instruction Fuzzy Hash: 76816731A08652E6FA24EB16E551379A3B5AF4AB8CF444035DE0DCF7B1DE3EE8908300

                              Control-flow Graph

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: strcpy_s$_strlwrstrcmp$ByteCharInformationMultiProcessQueryWidestrstr
                              • String ID: onProcesntdll.dll
                              • API String ID: 1398458973-3366486540
                              • Opcode ID: f1d89bea083f99c4f6bbdb13ea71029d17944b1983adebca5988770642fe2c09
                              • Instruction ID: 0f12bd3ba8c228c53d8ec79cfdfb285fb9e8c63cc7339f12fd6387dd8af16eb6
                              • Opcode Fuzzy Hash: f1d89bea083f99c4f6bbdb13ea71029d17944b1983adebca5988770642fe2c09
                              • Instruction Fuzzy Hash: 4D51D462E08681EAEB618B15A44077AB7B4FF8974CF085134DE4D873A4EF3CE596C700

                              Control-flow Graph

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              • Associated: 00000000.00000002.2027607080.00007FF8A8E00000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027706128.00007FF8A8E23000.00000008.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027823027.00007FF8A8F2B000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027875456.00007FF8A8F2C000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027915634.00007FF8A8F32000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027982924.00007FF8A8F33000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2028035847.00007FF8A8F36000.00000002.00000001.01000000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff8a8e00000_RUN.jbxd
                              Similarity
                              • API ID: mallocmemcmpstrtoul
                              • String ID: .$.eh_pool$:$=$=$GLIBCXX_TUNABLES$glibcxx.$obj_count$obj_size$obj_size
                              • API String ID: 920383374-3633263654
                              • Opcode ID: adf3d7f5175feb1777846852d1f2af30fe1d5e279db8b4da270c13a8be9b5945
                              • Instruction ID: 8dac94ed804377510f359880d765fe4d43f1309bab91f29c2a32c6ae14a370ab
                              • Opcode Fuzzy Hash: adf3d7f5175feb1777846852d1f2af30fe1d5e279db8b4da270c13a8be9b5945
                              • Instruction Fuzzy Hash: D4519A31A0B687E5FF119B20E840379A7A4EB487C4F584035EA8D46698FF3DE564C728

                              Control-flow Graph

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: mallocmemcmpstrtoul
                              • String ID: .$.eh_pool$:$=$=$GLIBCXX_TUNABLES$glibcxx.$obj_count$obj_size$obj_size
                              • API String ID: 920383374-3633263654
                              • Opcode ID: 9c29e72dc19d8110bb4db6a39bdd3ee898821528617a998e2502974fc6ba40b9
                              • Instruction ID: 1da758f86242d5affabf04c80a7484302e151facbfe79cfa316ce65e3ef4f6c0
                              • Opcode Fuzzy Hash: 9c29e72dc19d8110bb4db6a39bdd3ee898821528617a998e2502974fc6ba40b9
                              • Instruction Fuzzy Hash: B2517DB3A5D642E5FB618B11E44077AA6B5EB4D78CF584035D98DCE2B4EE2CE680C308

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              • Associated: 00000000.00000002.2027607080.00007FF8A8E00000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027706128.00007FF8A8E23000.00000008.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027823027.00007FF8A8F2B000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027875456.00007FF8A8F2C000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027915634.00007FF8A8F32000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027982924.00007FF8A8F33000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2028035847.00007FF8A8F36000.00000002.00000001.01000000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff8a8e00000_RUN.jbxd
                              Similarity
                              • API ID: Sleep_amsg_exit
                              • String ID:
                              • API String ID: 1015461914-0
                              • Opcode ID: 036d39fbe0bf722972d9f45367ac3dec8b455faca4da9ea0d694ab236fe929a8
                              • Instruction ID: 1496872c32d1324554321741f976241efdd3a3f3c817102e3e481650a42597c4
                              • Opcode Fuzzy Hash: 036d39fbe0bf722972d9f45367ac3dec8b455faca4da9ea0d694ab236fe929a8
                              • Instruction Fuzzy Hash: BC51D230E0F203E6F7149B66994027A62A5EF95BC0F044435DE8DCB7D6EF3CA5615278

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              • Associated: 00000000.00000002.2027607080.00007FF8A8E00000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027706128.00007FF8A8E23000.00000008.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027823027.00007FF8A8F2B000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027875456.00007FF8A8F2C000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027915634.00007FF8A8F32000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027982924.00007FF8A8F33000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2028035847.00007FF8A8F36000.00000002.00000001.01000000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff8a8e00000_RUN.jbxd
                              Similarity
                              • API ID: malloc
                              • String ID:
                              • API String ID: 2803490479-0
                              • Opcode ID: a58b26fb905e174e8d7504d9dd70196b90192e5a9dbd69dd6d80ecc553328d74
                              • Instruction ID: 08622a48b83a307fb9836406139709bae938112d6971142260a9a06bf4f05294
                              • Opcode Fuzzy Hash: a58b26fb905e174e8d7504d9dd70196b90192e5a9dbd69dd6d80ecc553328d74
                              • Instruction Fuzzy Hash: B6119E71F0B742E5FF59A765A5223B81281DF087D0F544A34DAAD063C6FF3CB6608228

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: malloc
                              • String ID:
                              • API String ID: 2803490479-0
                              • Opcode ID: 5e6a0a7c73f9e692e5b24252d3044150f47de3d201d5c57f604c155f5d738856
                              • Instruction ID: 53654e7dfa9daff7a1111ad700794a6bae741dfe3cb0e232a6f60c414db8c0d9
                              • Opcode Fuzzy Hash: 5e6a0a7c73f9e692e5b24252d3044150f47de3d201d5c57f604c155f5d738856
                              • Instruction Fuzzy Hash: A01108E2F0A746E1FE69AB65E51137891B19F4C7ACF444534C92DCF3E2EE2CA4918344

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              • Associated: 00000000.00000002.2027607080.00007FF8A8E00000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027706128.00007FF8A8E23000.00000008.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027823027.00007FF8A8F2B000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027875456.00007FF8A8F2C000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027915634.00007FF8A8F32000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027982924.00007FF8A8F33000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2028035847.00007FF8A8F36000.00000002.00000001.01000000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff8a8e00000_RUN.jbxd
                              Similarity
                              • API ID: Free
                              • String ID:
                              • API String ID: 3978063606-0
                              • Opcode ID: afec1819db440a2c43305ab5f6e24615eb68956a064f617c0aaae620ebece080
                              • Instruction ID: 866ec89f9168d473a99ca2e5ad5568a26b27b4db8b3528495081fc24dfca41fc
                              • Opcode Fuzzy Hash: afec1819db440a2c43305ab5f6e24615eb68956a064f617c0aaae620ebece080
                              • Instruction Fuzzy Hash: 5EC04824F1FAA3E2E6986B766C8216111A0FF58780F949034C91980250DF6CA2A68A39

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: Free
                              • String ID:
                              • API String ID: 3978063606-0
                              • Opcode ID: 25f1e5bf67d653dd683ad626c2ab73248ef7bfd47657521ffb2a3e5076fd6e9a
                              • Instruction ID: 4e327275b09c929df616f7dfa7b39c3efe2d925e922b1f83be01a550677587e9
                              • Opcode Fuzzy Hash: 25f1e5bf67d653dd683ad626c2ab73248ef7bfd47657521ffb2a3e5076fd6e9a
                              • Instruction Fuzzy Hash: 90C04C15F59942D1E65427639E8213111F46F4C795F9040B0D50CC8160ED5C95969F16

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              • Associated: 00000000.00000002.2027607080.00007FF8A8E00000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027706128.00007FF8A8E23000.00000008.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027823027.00007FF8A8F2B000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027875456.00007FF8A8F2C000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027915634.00007FF8A8F32000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027982924.00007FF8A8F33000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2028035847.00007FF8A8F36000.00000002.00000001.01000000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff8a8e00000_RUN.jbxd
                              Similarity
                              • API ID: free
                              • String ID:
                              • API String ID: 1294909896-0
                              • Opcode ID: 0c35b97ced1bec1fa693b917d1a2d0d85617581464d43c5e25326eda2600a28e
                              • Instruction ID: 552fdc06c5f0cdb5bcf91573c3a3a7be379786a3c9b48e17fe090633230e0e99
                              • Opcode Fuzzy Hash: 0c35b97ced1bec1fa693b917d1a2d0d85617581464d43c5e25326eda2600a28e
                              • Instruction Fuzzy Hash: 86F09022F2A652A1FE951B7195047AD4110EFA4BE0F088631DE4C06785DF7CA4B28364
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: strcpy_s$_strlwr$ByteCharMultiWidestrcmpstrstr$Process$AddressCodeCurrentExitFirstHandleModuleProcProcess32
                              • String ID: 0$0$NtClose$NtOpenProcess$ntdll.dll$ntdll.dll$onProcesntdll.dll
                              • API String ID: 2957762160-2864597353
                              • Opcode ID: 366d074a5c91f768f8f9941f5c1996b23e818bcc2d8ba77f55bdce0c2605b66e
                              • Instruction ID: 8806fdb44adac46bd1edd8054a674702a194b2c5979976771d5e5ed2c8198fa3
                              • Opcode Fuzzy Hash: 366d074a5c91f768f8f9941f5c1996b23e818bcc2d8ba77f55bdce0c2605b66e
                              • Instruction Fuzzy Hash: CBA25E72608681D6EB648F16E95036AB7B1FB8AB88F454135DF8D8B7A8DF3CD851C700
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcpy$strlen
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_replace_aux$basic_string::_S_create$basic_string::replace
                              • API String ID: 2619041689-978392061
                              • Opcode ID: b43c7009fa0db71d8b526a57b924ce55876bc2659ab767e6332628b895dbbf45
                              • Instruction ID: ed279e49cc10e136d5607dd882456cdcf1c2b1b2385019feda5ffecc380c8d68
                              • Opcode Fuzzy Hash: b43c7009fa0db71d8b526a57b924ce55876bc2659ab767e6332628b895dbbf45
                              • Instruction Fuzzy Hash: 18130163B19686E5EE149F26D9045B9A771AF09BDCF484432EE1C8F7E5EE2CE542C300
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcpy
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_replace_aux$basic_string::_S_create$basic_string::assign$basic_string::insert
                              • API String ID: 3510742995-982419628
                              • Opcode ID: 964997ee065c58036f774918f2f725028d89ef295392f68a9a1db0bdc69b5998
                              • Instruction ID: 2d81a5d3c89c8e87015a64db85f119199843283d1880564cbe0105a80ad202a2
                              • Opcode Fuzzy Hash: 964997ee065c58036f774918f2f725028d89ef295392f68a9a1db0bdc69b5998
                              • Instruction Fuzzy Hash: 76F2FFB2B09646E5EE108F26D5442BDA7B1AF0DB9CF484532DA1D8F7E5EE2CE585C300
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcpy$strlen
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_create$basic_string::_M_replace$basic_string::_M_replace_aux$basic_string::assign$basic_string::insert$basic_string::replace
                              • API String ID: 2619041689-3257055785
                              • Opcode ID: b14709f6a180d2c57cfd1b7ccbc300d29b107e27f784da31b3f7c9540ba238b8
                              • Instruction ID: cd3832aadbdafc67512cea1577a3df919a0d229cc50feef8d2fdfe234d1d6585
                              • Opcode Fuzzy Hash: b14709f6a180d2c57cfd1b7ccbc300d29b107e27f784da31b3f7c9540ba238b8
                              • Instruction Fuzzy Hash: 6AA203B3B09A96E0EB218B25D4111B9E370AB49FDCF948532DE5D8F7A5DE2CE542C304
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcpy$strlen
                              • String ID: basic_string::_M_create$basic_string::append$basic_string::append
                              • API String ID: 2619041689-2076559931
                              • Opcode ID: 5166f6b5757f2ae01972d25dab95fd0b05efa420a887c9916b6fb963a7897b14
                              • Instruction ID: ab36698ad15d3ed599f38477f58d69ec64121e2e71064590dc7a794aaef87c08
                              • Opcode Fuzzy Hash: 5166f6b5757f2ae01972d25dab95fd0b05efa420a887c9916b6fb963a7897b14
                              • Instruction Fuzzy Hash: DA829DB3B09A46E0EA109F26D4042BEA771AB49FDCF548532DA1E8F7A5DE3CE541C344
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcpy$mallocmemset
                              • String ID: basic_string::_M_replace_aux$basic_string::_S_create$basic_string::at: __n (which is %zu) >= this->size() (which is %zu)
                              • API String ID: 368144878-3359409074
                              • Opcode ID: a0dea774e3750bdcd954db3118cc2827cf641b9aa75ffd369047a8399464ee7c
                              • Instruction ID: 6fdfa5790333e9d6ccb46c6424cd0c86642c154ab4fc4b54d48baf31d31bfd5d
                              • Opcode Fuzzy Hash: a0dea774e3750bdcd954db3118cc2827cf641b9aa75ffd369047a8399464ee7c
                              • Instruction Fuzzy Hash: 5912E672B09642E9EA208F16D6546BDA771AB49BECF584531DE1C8F3E6DE3CE581C300
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              • Associated: 00000000.00000002.2027607080.00007FF8A8E00000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027706128.00007FF8A8E23000.00000008.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027823027.00007FF8A8F2B000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027875456.00007FF8A8F2C000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027915634.00007FF8A8F32000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027982924.00007FF8A8F33000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2028035847.00007FF8A8F36000.00000002.00000001.01000000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff8a8e00000_RUN.jbxd
                              Similarity
                              • API ID: fputc
                              • String ID: .
                              • API String ID: 1992160199-248832578
                              • Opcode ID: d39005f12024fb3bc23f412d7ac4ffb7e71369ea58af91583f7d31a02580f966
                              • Instruction ID: 5496c4b3a09d19bfbed144b8598ebaa77d44e15a075829431ecef271e6af6f8c
                              • Opcode Fuzzy Hash: d39005f12024fb3bc23f412d7ac4ffb7e71369ea58af91583f7d31a02580f966
                              • Instruction Fuzzy Hash: 3522D673B1A242DAE7A98F25C05077D77A2EBA8B88F158135DA0D47788DB3CEC10C764
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: fputc
                              • String ID: .
                              • API String ID: 1992160199-248832578
                              • Opcode ID: f2335e7aae4a5d6319f253de6a1438e5547aa12490883e51a64923facd17ed70
                              • Instruction ID: 3eb869f39e014940ce2718e8fe2c9ea9298f0982f2c677f7894388a4c4a6f20f
                              • Opcode Fuzzy Hash: f2335e7aae4a5d6319f253de6a1438e5547aa12490883e51a64923facd17ed70
                              • Instruction Fuzzy Hash: 0222B173A28342D6E7698E25D050779B7B1EB48B4CF144135CA0E8B798EE3DEE418760
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              • Associated: 00000000.00000002.2027607080.00007FF8A8E00000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027706128.00007FF8A8E23000.00000008.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027823027.00007FF8A8F2B000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027875456.00007FF8A8F2C000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027915634.00007FF8A8F32000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027982924.00007FF8A8F33000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2028035847.00007FF8A8F36000.00000002.00000001.01000000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff8a8e00000_RUN.jbxd
                              Similarity
                              • API ID: strlenstrncmp
                              • String ID: Z$Z$_$_$_$_GLOBAL_
                              • API String ID: 1310274236-662103887
                              • Opcode ID: 8ebb671ede4c0b090eee67c06e0a71d2930acf758b112c288f9a7d8f89799bcb
                              • Instruction ID: 90bf7350fb40d7feba17e5405f34b7f8f22459c63abfbfc969fce2595a11039d
                              • Opcode Fuzzy Hash: 8ebb671ede4c0b090eee67c06e0a71d2930acf758b112c288f9a7d8f89799bcb
                              • Instruction Fuzzy Hash: 8562CF72A0A282EAFBA58E21C8543FD37A1FB157C8F144035DA1E0BB89DF7D9564C718
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: strlenstrncmp
                              • String ID: Z$Z$_$_$_$_GLOBAL_
                              • API String ID: 1310274236-662103887
                              • Opcode ID: 85742cbb5f10b908673ed06d7fdadb6439094f393b2c8fd004835dcad8abd28c
                              • Instruction ID: 8de5e7280d38907c3eb9ef8351f6b9694c16fa9afc37b1425a2bbed0f28eda27
                              • Opcode Fuzzy Hash: 85742cbb5f10b908673ed06d7fdadb6439094f393b2c8fd004835dcad8abd28c
                              • Instruction Fuzzy Hash: 7B629072A0C689EAFB658E2184543FD76B1EB0978CF144035DA0D8FBA9EF7D9A41C740
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcpy
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_create$basic_string::basic_string$string::string
                              • API String ID: 3510742995-126128797
                              • Opcode ID: 0beb2d620dd9bf7dc42085457452b8af5c232d12cf8d07ec9f9508c1ce212903
                              • Instruction ID: 018172316729fad3699eb33ac94ee50ff24b0d673812b87eae99139a86eb7acb
                              • Opcode Fuzzy Hash: 0beb2d620dd9bf7dc42085457452b8af5c232d12cf8d07ec9f9508c1ce212903
                              • Instruction Fuzzy Hash: ACC195B3A09A81D5EB115F29F8402B9B7B4E759B98F488131CB5C8B3A1DE3CD9D2C354
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcpy
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_create$basic_string::basic_string$string::string
                              • API String ID: 3510742995-126128797
                              • Opcode ID: 62ac05373f618417ef86ea9eda8f16d10cc7dd08346fbcf3b8452b321d9aafc0
                              • Instruction ID: e97cf0167f89889e5720d5671e8de6d4ad46f34c3b4b3d47b8aca53b0f225283
                              • Opcode Fuzzy Hash: 62ac05373f618417ef86ea9eda8f16d10cc7dd08346fbcf3b8452b321d9aafc0
                              • Instruction Fuzzy Hash: B9C1A4B3A19A81D5EB115F69F4402B8B7B4E759B98F488131CB5C8B3A1DE3CD9D2C314
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcpy$strlen
                              • String ID: basic_string::assign
                              • API String ID: 2619041689-2385367300
                              • Opcode ID: 712d1ee6cb1ca39c704ab21b67f517ebb28fe50130a180ddb81502c35cb3cf10
                              • Instruction ID: 7f56ecec58e146df8a25c1d970f9482e65db903e2e3033443467d1954548cf86
                              • Opcode Fuzzy Hash: 712d1ee6cb1ca39c704ab21b67f517ebb28fe50130a180ddb81502c35cb3cf10
                              • Instruction Fuzzy Hash: C4D19972B1965AE5EE218F1AD4442BDB770AB49F9CF544531DE1D8F7E0DE2CE9828300
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcpy$strlen
                              • String ID: basic_string::_M_create$basic_string::append
                              • API String ID: 2619041689-3923985592
                              • Opcode ID: 76b11affea8e570bf0bc8daf217fc9300ee95b7a484283d9afd19a6176d0d0c6
                              • Instruction ID: 4a33fb52501bce71211cca9dd03792faaccecb77e86b696850aa4b7f71412718
                              • Opcode Fuzzy Hash: 76b11affea8e570bf0bc8daf217fc9300ee95b7a484283d9afd19a6176d0d0c6
                              • Instruction Fuzzy Hash: 2491B6F3B0964AE4EA108F26D5502BAA771AB49F9CF848531DE5D8F7E5DE2CE442C304
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              • Associated: 00000000.00000002.2027607080.00007FF8A8E00000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027706128.00007FF8A8E23000.00000008.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027823027.00007FF8A8F2B000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027875456.00007FF8A8F2C000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027915634.00007FF8A8F32000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027982924.00007FF8A8F33000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2028035847.00007FF8A8F36000.00000002.00000001.01000000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff8a8e00000_RUN.jbxd
                              Similarity
                              • API ID:
                              • String ID: $ $Infinity$NaN
                              • API String ID: 0-3274152445
                              • Opcode ID: da778f0cd26c90b516ff2772988f0db93639f81fb4b7ea348032394e7e07a4a0
                              • Instruction ID: 10b32976e9ba75cd4585d690916b5ad464c23629243656cab20c4fdd1da965e5
                              • Opcode Fuzzy Hash: da778f0cd26c90b516ff2772988f0db93639f81fb4b7ea348032394e7e07a4a0
                              • Instruction Fuzzy Hash: 00E2B472B0D682DAE7A1CF29E00036ABBA1FB957C4F104135EA4987B99DB3DE451CF14
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID:
                              • String ID: $ $Infinity$NaN
                              • API String ID: 0-3274152445
                              • Opcode ID: ef0d0a210892b9a68a8b72f744a3920f20036ed4a4ebdb6b9e4e2010053579a0
                              • Instruction ID: f63f80f70e69d04a8cc907f14a31eb625f3b3758ae7f3b45bf5f3e6ecdd72d82
                              • Opcode Fuzzy Hash: ef0d0a210892b9a68a8b72f744a3920f20036ed4a4ebdb6b9e4e2010053579a0
                              • Instruction Fuzzy Hash: 38E28732A1C681DAE7658F26E40436ABBB0FB9978CF144135EA49CBB65DF3DE4518F00
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcpy$strlen
                              • String ID: basic_string::assign
                              • API String ID: 2619041689-2385367300
                              • Opcode ID: 92de5ced38744baf074556cf4c110d164cdc2f5e163c8b2e3b7ddcd833be6887
                              • Instruction ID: c4f494829d1ea43d3bcd9a56559f60fc7624056c6525ba4de2c3328d00509f71
                              • Opcode Fuzzy Hash: 92de5ced38744baf074556cf4c110d164cdc2f5e163c8b2e3b7ddcd833be6887
                              • Instruction Fuzzy Hash: A1918FB3B0A666E5EA128F1AD44427CA371AB49B9CF544531DA0DCF7E0DF2DE891C344
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID:
                              • String ID: CCG
                              • API String ID: 0-1584390748
                              • Opcode ID: 4086a0b043b36be7aecd32a7963eeeb6ffd47896cd0ceabfe914a177ce273ad8
                              • Instruction ID: 95d77035f156578d905812465a879d08bdd4e5690cdb5015245c548f1379acbd
                              • Opcode Fuzzy Hash: 4086a0b043b36be7aecd32a7963eeeb6ffd47896cd0ceabfe914a177ce273ad8
                              • Instruction Fuzzy Hash: E121ABA0E18546E2FE781365809037D90B59F5D72DF18483ACA1DCE3F1FD0EAC818605
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcpy
                              • String ID: basic_string::assign
                              • API String ID: 3510742995-2385367300
                              • Opcode ID: 6ab1510b188fd0e86d134ef641fb002c513a74cd615e0866d397abb65c89fa8a
                              • Instruction ID: 674f657713e00f98f7c75e7a76950c866ebecf33b6740e4c909351f56157d296
                              • Opcode Fuzzy Hash: 6ab1510b188fd0e86d134ef641fb002c513a74cd615e0866d397abb65c89fa8a
                              • Instruction Fuzzy Hash: 74A1ACB3B0964AE4EE218F1AE54477DE771AB19B9CF544131CB1D8B7A0DE2CE980C384
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: mallocmemcpy
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_S_create$basic_string::erase
                              • API String ID: 4276657696-874136391
                              • Opcode ID: 58525d48c7fd20f31917e229d8ea777a75864351186ad4f706407040cf886123
                              • Instruction ID: 00ae95ac205e4e2a7625f22621f0c253f89edba9a0fff414598c4048658c8e3a
                              • Opcode Fuzzy Hash: 58525d48c7fd20f31917e229d8ea777a75864351186ad4f706407040cf886123
                              • Instruction Fuzzy Hash: 94519E72B09656E5FA108F15D4446B9A775AB49BACF844632DE3CCB3E4EF2CD886C340
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcpy
                              • String ID: basic_string::_M_create
                              • API String ID: 3510742995-3122258987
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              Similarity
                              • API ID: CriticalLeaveSectionSleepmalloc
                              • String ID:
                              • API String ID: 1993596536-0
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: CriticalLeaveSectionSleepmalloc
                              • String ID:
                              • API String ID: 1993596536-0
                              Strings
                              • random_device::random_device(const std::string&): unsupported token, xrefs: 00007FF66B15DCC1
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: CaptureContextUnwindabortmallocstrlen
                              • String ID: random_device::random_device(const std::string&): unsupported token
                              • API String ID: 467726954-222443098
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: CaptureContextUnwindabort
                              • String ID:
                              • API String ID: 747564614-0
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              Similarity
                              • API ID: fwrite$fputs$abortfree$fputcmemcpystrlen
                              • String ID: what(): $terminate called after throwing an instance of '$terminate called recursively$terminate called without an active exception
                              • API String ID: 802779101-808685626
                              • Opcode ID: 4599060c24f642b13191486e71167f8d45c0375b6d69b4c92fde5fe4cca3509c
                              • Instruction ID: f3c22db3de63710c6d9079c06fb16db46415b12a006dcf943d8d6781cc0689e3
                              • Opcode Fuzzy Hash: 4599060c24f642b13191486e71167f8d45c0375b6d69b4c92fde5fe4cca3509c
                              • Instruction Fuzzy Hash: 05416A30A1A112A1FB60A7B1A815BB95642EF867C0F404136E94E477C6FF7DE6118369
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: fwrite$fputs$abortfree$fputcmemcpystrlen
                              • String ID: what(): $terminate called after throwing an instance of '$terminate called recursively$terminate called without an active exception
                              • API String ID: 802779101-808685626
                              • Opcode ID: 8ccee2a0a896c2a7b0b69763dac113bbbf92cd98c01012f72ff686d70be51215
                              • Instruction ID: cd320425126f59fdf971991192c4202251a5bc754b9427fbdb5f2310989bf114
                              • Opcode Fuzzy Hash: 8ccee2a0a896c2a7b0b69763dac113bbbf92cd98c01012f72ff686d70be51215
                              • Instruction Fuzzy Hash: CA41A361F18116E5FB24AB61B8157BA96B19F8DB8CF404435E80ECF7E6EE2DE5028311
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              • Associated: 00000000.00000002.2027607080.00007FF8A8E00000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027706128.00007FF8A8E23000.00000008.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027823027.00007FF8A8F2B000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027875456.00007FF8A8F2C000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027915634.00007FF8A8F32000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027982924.00007FF8A8F33000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2028035847.00007FF8A8F36000.00000002.00000001.01000000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff8a8e00000_RUN.jbxd
                              Similarity
                              • API ID: Byte$CharLeadMultiWide___lc_codepage_func___mb_cur_max_func_errno
                              • String ID:
                              • API String ID: 3183172368-0
                              • Opcode ID: fcc235d691e4d26be11642949ad4cf9fe04ed291b385097019a6a1c2a66751d0
                              • Instruction ID: c8e8bd3ec46c3a3046ac312f133f10b3069c7b4f79b2b158b7a39b5f8131b92f
                              • Opcode Fuzzy Hash: fcc235d691e4d26be11642949ad4cf9fe04ed291b385097019a6a1c2a66751d0
                              • Instruction Fuzzy Hash: CDB1B431A1E642EAF7A08F11A44437A6B90FF657C8F048035EA8D47784EF7DE5258768
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: Byte$CharLeadMultiWide___lc_codepage_func___mb_cur_max_func_errno
                              • String ID:
                              • API String ID: 3183172368-0
                              • Opcode ID: f47ad0375922463bdd9f73bb4c64ee8bf7531557e5682a969d60e82a715fbebc
                              • Instruction ID: 0d17a4aa03445290cb168234d278748c9f40281f3eccfbdec17ed52815b3ea6d
                              • Opcode Fuzzy Hash: f47ad0375922463bdd9f73bb4c64ee8bf7531557e5682a969d60e82a715fbebc
                              • Instruction Fuzzy Hash: 2BB19071B18642E6E7648F12A40437ABAB0FB5978CF448135EA8D8F7A4DF7DE4468B40
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              • Associated: 00000000.00000002.2027607080.00007FF8A8E00000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027706128.00007FF8A8E23000.00000008.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027823027.00007FF8A8F2B000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027875456.00007FF8A8F2C000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027915634.00007FF8A8F32000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027982924.00007FF8A8F33000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2028035847.00007FF8A8F36000.00000002.00000001.01000000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff8a8e00000_RUN.jbxd
                              Similarity
                              • API ID: fputc
                              • String ID: UUUU
                              • API String ID: 1992160199-1798160573
                              • Opcode ID: 6b68097bf7420150babb894e36c6aeaff896fa196c61cd1df292c1f48f671bb8
                              • Instruction ID: fd728e70555f7384f0a75909816d415f3d0a97463944074e30af7f07c9aabd9a
                              • Opcode Fuzzy Hash: 6b68097bf7420150babb894e36c6aeaff896fa196c61cd1df292c1f48f671bb8
                              • Instruction Fuzzy Hash: 6C127672A0A142D6E7E49F24C15077937E1EB65B98F648239CA0D072C9DB3DEC61CB68
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: fputc
                              • String ID: UUUU
                              • API String ID: 1992160199-1798160573
                              • Opcode ID: 3b85de55c72d650216168256f511233200dee7a2bcb32fa0b97bc0524bea5549
                              • Instruction ID: dbf6a8c8f87f24727d66fd4cf04acf111f5f82c5318822052b9f416759ee2b01
                              • Opcode Fuzzy Hash: 3b85de55c72d650216168256f511233200dee7a2bcb32fa0b97bc0524bea5549
                              • Instruction Fuzzy Hash: 861212B2948242D6E7698F28C150779B7F1EB59B5CF258235CA0D8F699EE38EC418B40
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcpy$strlen
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_replace_aux$basic_string::append
                              • API String ID: 2619041689-2502837630
                              • Opcode ID: fe33d7d4b6210f9a454997c0034592cf050debdc79d948e4469cca2b33a8cc91
                              • Instruction ID: b1027964ce7d1b66a8513b50e1eaff25c1882d4b06f4cec1d85be0fa5ac46c93
                              • Opcode Fuzzy Hash: fe33d7d4b6210f9a454997c0034592cf050debdc79d948e4469cca2b33a8cc91
                              • Instruction Fuzzy Hash: 68E1D1B3B08B4AE5EB108F25D4101B8A370AB59F9CF948532DE5D8B7A5DE2CE452C384
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              • Associated: 00000000.00000002.2027607080.00007FF8A8E00000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027706128.00007FF8A8E23000.00000008.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027823027.00007FF8A8F2B000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027875456.00007FF8A8F2C000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027915634.00007FF8A8F32000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027982924.00007FF8A8F33000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2028035847.00007FF8A8F36000.00000002.00000001.01000000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff8a8e00000_RUN.jbxd
                              Similarity
                              • API ID: CriticalSection$DeleteEnterErrorInitializeLastLeaveValuefree
                              • String ID:
                              • API String ID: 100439675-0
                              • Opcode ID: e6b3af72e8468e62411243eb107bfb9d0c90104bcd25452cd5db39969406b84e
                              • Instruction ID: 28b2f6a67603093571bb37777479a006e51c1d59417a7cc548411e1758080b3a
                              • Opcode Fuzzy Hash: e6b3af72e8468e62411243eb107bfb9d0c90104bcd25452cd5db39969406b84e
                              • Instruction Fuzzy Hash: 69411731B0E647E6FA959B21A84027823A0FF65FC1F585435DD1D4B298DF3CE8958338
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: CriticalSection$DeleteEnterErrorInitializeLastLeaveValuefree
                              • String ID:
                              • API String ID: 100439675-0
                              • Opcode ID: 9330b5d3d040965e5f82546b1fb6f7cd28c845c6038d1d802dd6600f1cdd6889
                              • Instruction ID: 2efcb5d3d11c240dd85896b17b5af8d61905ab7e8ddede34e17a478b260def5e
                              • Opcode Fuzzy Hash: 9330b5d3d040965e5f82546b1fb6f7cd28c845c6038d1d802dd6600f1cdd6889
                              • Instruction Fuzzy Hash: C3410B25A09A02D6FA55AB12E980379A3B4AF4DF99F484535CD0DCF2B4FE2CF9418704
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              • Associated: 00000000.00000002.2027607080.00007FF8A8E00000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027706128.00007FF8A8E23000.00000008.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027823027.00007FF8A8F2B000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027875456.00007FF8A8F2C000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027915634.00007FF8A8F32000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027982924.00007FF8A8F33000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2028035847.00007FF8A8F36000.00000002.00000001.01000000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff8a8e00000_RUN.jbxd
                              Similarity
                              • API ID: ExceptionRaiseUnwindabort
                              • String ID: CCG $CCG!$CCG!$CCG"
                              • API String ID: 4140830120-3707373406
                              • Opcode ID: 8230580fa15a5b06a7bc249b48aa6b1323d7fde1a1b9ca23d651a8f55b12df56
                              • Instruction ID: 8bdb49a38aaf06a0cc022a7b58f722a66f30d5f95a9cdae83ad39955377a655b
                              • Opcode Fuzzy Hash: 8230580fa15a5b06a7bc249b48aa6b1323d7fde1a1b9ca23d651a8f55b12df56
                              • Instruction Fuzzy Hash: 0251F232A09B80D2E7A08B25E4406ADB370F799BD8F504236EE9D13758DF3CD4A1C754
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: ExceptionRaiseUnwindabort
                              • String ID: CCG $CCG!$CCG!$CCG"
                              • API String ID: 4140830120-3707373406
                              • Opcode ID: dc6a7ee336f2ebe839d07885afb3059022dc8acf7e1b17539076f0da69c5fdc9
                              • Instruction ID: bac2a38d8dde6b3222be6ca923695dd6f2f9ce645e2b7fce6121c91e250e92e4
                              • Opcode Fuzzy Hash: dc6a7ee336f2ebe839d07885afb3059022dc8acf7e1b17539076f0da69c5fdc9
                              • Instruction Fuzzy Hash: B851BF32A08B80D6E7708B15E4446AAB370F79DB98F544236EE8D57768EF3CD982C704
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: AddressProc$HandleLibraryLoadModule
                              • String ID: SystemFunction036$advapi32.dll$msvcrt.dll$rand_s
                              • API String ID: 384173800-4041758303
                              • Opcode ID: 1745268a0d4ef1f4bbb13a60266eae6d266f976300e20f96b737c0f73c86d016
                              • Instruction ID: 292725e64c523750ecb0046c721ab6825161991f0c1f68ef444ea84920b21e2c
                              • Opcode Fuzzy Hash: 1745268a0d4ef1f4bbb13a60266eae6d266f976300e20f96b737c0f73c86d016
                              • Instruction Fuzzy Hash: EFF01D20E59A07E0E915AB53FE500B467F8BF4C798B840132C80DCB374DE2CE58AC744
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              • Associated: 00000000.00000002.2027607080.00007FF8A8E00000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027706128.00007FF8A8E23000.00000008.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027823027.00007FF8A8F2B000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027875456.00007FF8A8F2C000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027915634.00007FF8A8F32000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027982924.00007FF8A8F33000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2028035847.00007FF8A8F36000.00000002.00000001.01000000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff8a8e00000_RUN.jbxd
                              Similarity
                              • API ID: QueryVirtual
                              • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
                              • API String ID: 1804819252-1534286854
                              • Opcode ID: 110d1f2817ca0a2f40a06a6f85d1c1df25be8983fd5431927ac0d32dbc5fbf02
                              • Instruction ID: 3025494cfff14ee96b7734aadb905189939bcba42f512873ee2e5e0c2fed3a6f
                              • Opcode Fuzzy Hash: 110d1f2817ca0a2f40a06a6f85d1c1df25be8983fd5431927ac0d32dbc5fbf02
                              • Instruction Fuzzy Hash: C951D172B0AB46E1EB109B21E8406A97760FF99BD4F444131EE4C07798EF3CE495C758
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: QueryVirtual
                              • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
                              • API String ID: 1804819252-1534286854
                              • Opcode ID: 870e53ec4fd15d85e393abec348360d81c4a0922adaaf5e308eb63bd176a8771
                              • Instruction ID: b7a83dae0b8595af9ac640ef9ae41e58810992423eae425295274846b8e6e30d
                              • Opcode Fuzzy Hash: 870e53ec4fd15d85e393abec348360d81c4a0922adaaf5e308eb63bd176a8771
                              • Instruction Fuzzy Hash: 1D517172A18A46D2EA109B52E9416B9B7B4FF4DB98F444231DE4C8B3B4EE3CE945C740
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              • Associated: 00000000.00000002.2027607080.00007FF8A8E00000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027706128.00007FF8A8E23000.00000008.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027823027.00007FF8A8F2B000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027875456.00007FF8A8F2C000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027915634.00007FF8A8F32000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027982924.00007FF8A8F33000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2028035847.00007FF8A8F36000.00000002.00000001.01000000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff8a8e00000_RUN.jbxd
                              Similarity
                              • API ID: fputc
                              • String ID:
                              • API String ID: 1992160199-0
                              • Opcode ID: 6455380b65f2535aa43ea52f4673dc818bd6c141cbea47eaf03f434f54f19436
                              • Instruction ID: b2869d1fdab456062866914563f408e3bf1b5e1490a51f2b5c01938b3606e629
                              • Opcode Fuzzy Hash: 6455380b65f2535aa43ea52f4673dc818bd6c141cbea47eaf03f434f54f19436
                              • Instruction Fuzzy Hash: 97E196B2A0A142D6E7A48F25D14477937F2EB64B98F258235CB0D47788DB3CEC61CB64
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: fputc
                              • String ID:
                              • API String ID: 1992160199-0
                              • Opcode ID: d2623296c75c8317225f068edeea6053287046020c41a073c712053802fb2e7c
                              • Instruction ID: 27f6792bbde96fbf2fbfe456c6f97ba46dbc1c3460e032f44bcb4cda0be36f2f
                              • Opcode Fuzzy Hash: d2623296c75c8317225f068edeea6053287046020c41a073c712053802fb2e7c
                              • Instruction Fuzzy Hash: B1E172B2A54142D6E7648F25C140779BBF2EB5DB5CF258239CA098F698EE3DEC41CB40
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              • Associated: 00000000.00000002.2027607080.00007FF8A8E00000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027706128.00007FF8A8E23000.00000008.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027823027.00007FF8A8F2B000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027875456.00007FF8A8F2C000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027915634.00007FF8A8F32000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027982924.00007FF8A8F33000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2028035847.00007FF8A8F36000.00000002.00000001.01000000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff8a8e00000_RUN.jbxd
                              Similarity
                              • API ID: ExceptionRaise$abort
                              • String ID: CCG $CCG"$CCG"
                              • API String ID: 3325032505-1179968548
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: ExceptionRaise$abort
                              • String ID: CCG $CCG"$CCG"
                              • API String ID: 3325032505-1179968548
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              • Associated: 00000000.00000002.2027607080.00007FF8A8E00000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027706128.00007FF8A8E23000.00000008.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027823027.00007FF8A8F2B000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027875456.00007FF8A8F2C000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027915634.00007FF8A8F32000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027982924.00007FF8A8F33000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2028035847.00007FF8A8F36000.00000002.00000001.01000000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff8a8e00000_RUN.jbxd
                              Similarity
                              • API ID: CriticalLeaveSectionfree
                              • String ID:
                              • API String ID: 1679108487-0
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: CriticalLeaveSectionfree
                              • String ID:
                              • API String ID: 1679108487-0
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memset
                              • String ID: basic_string::_M_create
                              • API String ID: 2221118986-3122258987
                              APIs
                              • VirtualProtect.KERNEL32(?,?,?,00007FF8A8F2BE34,?,?,?,?,00007FF8A8E0124D), ref: 00007FF8A8E179A3
                              Strings
                              • Unknown pseudo relocation bit size %d., xrefs: 00007FF8A8E17B24
                              • Unknown pseudo relocation protocol version %d., xrefs: 00007FF8A8E17B46
                              • %d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p., xrefs: 00007FF8A8E17B3A
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              • Associated: 00000000.00000002.2027607080.00007FF8A8E00000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027706128.00007FF8A8E23000.00000008.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027823027.00007FF8A8F2B000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027875456.00007FF8A8F2C000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027915634.00007FF8A8F32000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027982924.00007FF8A8F33000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2028035847.00007FF8A8F36000.00000002.00000001.01000000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff8a8e00000_RUN.jbxd
                              Similarity
                              • API ID: ProtectVirtual
                              • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
                              • API String ID: 544645111-1286557213
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcmp$strlen
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::compare
                              • API String ID: 3738950036-1697194757
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcmp$strlen
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::compare
                              • API String ID: 3738950036-1697194757
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: FormatFreeLocalMessagememcpy
                              • String ID: Unknown $basic_string: construction from null is not valid$error co
                              • API String ID: 1463094090-4228307607
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: strcpy_s$_strlwr$ByteCharMultiWidestrstr
                              • String ID:
                              • API String ID: 606828236-0
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: strcpy_s$_strlwr$ByteCharMultiWidestrstr
                              • String ID:
                              • API String ID: 606828236-0
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              • Associated: 00000000.00000002.2027607080.00007FF8A8E00000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027706128.00007FF8A8E23000.00000008.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027823027.00007FF8A8F2B000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027875456.00007FF8A8F2C000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027915634.00007FF8A8F32000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027982924.00007FF8A8F33000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2028035847.00007FF8A8F36000.00000002.00000001.01000000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff8a8e00000_RUN.jbxd
                              Similarity
                              • API ID: fputc
                              • String ID:
                              • API String ID: 1992160199-0
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: fputc
                              • String ID:
                              • API String ID: 1992160199-0
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memset
                              • String ID: basic_string::_M_create
                              • API String ID: 2221118986-3122258987
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memset
                              • String ID: basic_string::_S_construct null not valid$basic_string::_S_create
                              • API String ID: 2221118986-1585226940
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memset
                              • String ID: basic_string::_S_construct null not valid$basic_string::_S_create
                              • API String ID: 2221118986-1585226940
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memset
                              • String ID: basic_string::_M_create
                              • API String ID: 2221118986-3122258987
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcpystrlen
                              • String ID: basic_string::_M_create$basic_string::_M_replace
                              • API String ID: 3412268980-3182797996
                              • Opcode ID: a4a77f29458f9cb154a29deae139d1e9492526cb708b50eedfc3ffab9e8559ba
                              • Instruction ID: a4065135ab7b25bffe7152ecf670eafcc46e7ea81d48a903051e563c6c6479f6
                              • Opcode Fuzzy Hash: a4a77f29458f9cb154a29deae139d1e9492526cb708b50eedfc3ffab9e8559ba
                              • Instruction Fuzzy Hash: 5E91A1B3B09A55E4EA109E26D4102BAA375AB49FDCF588531DE0D8F7E5DE2CE482C344
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              • Associated: 00000000.00000002.2027607080.00007FF8A8E00000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027706128.00007FF8A8E23000.00000008.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027823027.00007FF8A8F2B000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027875456.00007FF8A8F2C000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027915634.00007FF8A8F32000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027982924.00007FF8A8F33000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2028035847.00007FF8A8F36000.00000002.00000001.01000000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff8a8e00000_RUN.jbxd
                              Similarity
                              • API ID: Byte$CharLeadMultiWide___lc_codepage_func___mb_cur_max_func
                              • String ID:
                              • API String ID: 2785433807-0
                              • Opcode ID: 045a4edea1dc10e642a560aad34acbd731cf3aed7047957cde1b25f54302cde7
                              • Instruction ID: 8bf23703fd0e91ffcfa27104ec994680dcc415eda0e3be6fde67e9f91d62b030
                              • Opcode Fuzzy Hash: 045a4edea1dc10e642a560aad34acbd731cf3aed7047957cde1b25f54302cde7
                              • Instruction Fuzzy Hash: 49312933A0E202A9E7929B21B4003B96654EB657F8F484236EEAD477C0DF7CC191C754
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: Byte$CharLeadMultiWide___lc_codepage_func___mb_cur_max_func
                              • String ID:
                              • API String ID: 2785433807-0
                              • Opcode ID: 76b1e90f5653ac1efe6e01a3497f5a7dcbdac358d6369edad7d790266bddad3a
                              • Instruction ID: 76c067db9c55cb0735e9876d9dc130d0f8ef1905129ffd1a9948320acd2001a9
                              • Opcode Fuzzy Hash: 76b1e90f5653ac1efe6e01a3497f5a7dcbdac358d6369edad7d790266bddad3a
                              • Instruction Fuzzy Hash: 5A311923B18201D9F7624B21E9003B9A5B46B597ACF484236EE6DDB7E0DE7DC482C740
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              • Associated: 00000000.00000002.2027607080.00007FF8A8E00000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027706128.00007FF8A8E23000.00000008.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027823027.00007FF8A8F2B000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027875456.00007FF8A8F2C000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027915634.00007FF8A8F32000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027982924.00007FF8A8F33000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2028035847.00007FF8A8F36000.00000002.00000001.01000000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff8a8e00000_RUN.jbxd
                              Similarity
                              • API ID: Byte$CharLeadMultiWide___lc_codepage_func___mb_cur_max_func
                              • String ID:
                              • API String ID: 2785433807-0
                              • Opcode ID: f64dfb8e97fed0c24a6908fc68c6d82c6f513f64860be90f5e13696cf9485a37
                              • Instruction ID: 22792e3c9fd8ef3b9334d469a6009bddc3c9f5f4b1a4ce61c2d8b8cf43819508
                              • Opcode Fuzzy Hash: f64dfb8e97fed0c24a6908fc68c6d82c6f513f64860be90f5e13696cf9485a37
                              • Instruction Fuzzy Hash: 7E312832B1E202A5FBA14B21A4003BD6690EB557F4F440235EEAD477D5EFBCD454C758
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: Byte$CharLeadMultiWide___lc_codepage_func___mb_cur_max_func
                              • String ID:
                              • API String ID: 2785433807-0
                              • Opcode ID: 53341a738e5cadae43da478427d4a0a68b5e323042c8c57fb093b523a33c8061
                              • Instruction ID: db2894bbaa5ff3ee2318063def28173b63bb6626ecc4cba238ea59d8b04bec66
                              • Opcode Fuzzy Hash: 53341a738e5cadae43da478427d4a0a68b5e323042c8c57fb093b523a33c8061
                              • Instruction Fuzzy Hash: 61311262B0D601E5EB625B21B4003B9A6B0AB497BCF484634EE6D8B7E5EE7DD4468700
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: strcpy_s$_strlwr$ByteCharMultiWide
                              • String ID:
                              • API String ID: 2752519838-0
                              • Opcode ID: d3238b2c8870ec8a07ec28956ea3111573fca0877216f30c58544a9a3c261ed9
                              • Instruction ID: 9b100c259918a5d7227a539528da49ecbccab8d8c3cad8eaf077f0318f0f1e78
                              • Opcode Fuzzy Hash: d3238b2c8870ec8a07ec28956ea3111573fca0877216f30c58544a9a3c261ed9
                              • Instruction Fuzzy Hash: DE31AE72204685D2EB209F16F9547AAA7A1F78EBD8F490131DF5D5BB94CE3DC056D300
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcpystrerrorstrlen
                              • String ID: __gnu_cxx::__concurrence_lock_error$basic_string: construction from null is not valid
                              • API String ID: 2955597728-1066207237
                              • Opcode ID: 6c05f484a9941a8194b6d0dce824dbc127c943f08ce635f713085ef5fd9f7352
                              • Instruction ID: 332e50473a5ecfdbc4149743e45b7d8373aff0e6d15df25b4b7f611ccdd4a816
                              • Opcode Fuzzy Hash: 6c05f484a9941a8194b6d0dce824dbc127c943f08ce635f713085ef5fd9f7352
                              • Instruction Fuzzy Hash: DD11B222709B55E8EE209B26A810578B7B4EB4EBDCF484570DE4D8F7A5EE3CE151C300
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              • Associated: 00000000.00000002.2027607080.00007FF8A8E00000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027706128.00007FF8A8E23000.00000008.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027823027.00007FF8A8F2B000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027875456.00007FF8A8F2C000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027915634.00007FF8A8F32000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027982924.00007FF8A8F33000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2028035847.00007FF8A8F36000.00000002.00000001.01000000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff8a8e00000_RUN.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9144cf1045d7e2c903a37bdb67ff89c02f36cefd9ce95b033c499c81022daf61
                              • Instruction ID: fb0eeb7b64067fb890ead4fd6b35ed90c6a60d085017e329fca13d29070abaf7
                              • Opcode Fuzzy Hash: 9144cf1045d7e2c903a37bdb67ff89c02f36cefd9ce95b033c499c81022daf61
                              • Instruction Fuzzy Hash: F1C192B3E0A652D6E7A59F29C00037977A1EB64B98F998235CE0D17385CB3CEC51C768
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2a67022de2d0f3e7fbb5a2b5da87f3078e3fa5e55b14ba386eecbdd5a6595ed1
                              • Instruction ID: 05dad10c3d86397fc542a829e5ff9735b33668a526afcb2bdbe3b6884298b37e
                              • Opcode Fuzzy Hash: 2a67022de2d0f3e7fbb5a2b5da87f3078e3fa5e55b14ba386eecbdd5a6595ed1
                              • Instruction Fuzzy Hash: F7C15E77E08662D6E7658F29C004379AAB1EB48B5CF598235DA0C9B394EE3DEC51C780
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcpy
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::append
                              • API String ID: 3510742995-4063909124
                              • Opcode ID: bae0ff218b20670b4f9987ca9e8520b6ae406f4ee6c6b5e5c540c6788cd2ccc3
                              • Instruction ID: 179c28f8e1fa1ec4012d8223c35b8ea9e3fadc6b0a977a3c64f69812ba6965b0
                              • Opcode Fuzzy Hash: bae0ff218b20670b4f9987ca9e8520b6ae406f4ee6c6b5e5c540c6788cd2ccc3
                              • Instruction Fuzzy Hash: 55919C72B1AA46E5EE108F1AD54467DA772AB48FCCF598031CB1D8F7A5DE3DE8808340
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcpy$strlen
                              • String ID: basic_string::append
                              • API String ID: 2619041689-3811946249
                              • Opcode ID: 963b785b52e3224a4072d1896626a27c21cd27bff83fb5cefabdb1913e31edc1
                              • Instruction ID: 7ebad2fd67ca8e29887b002b9e2d62244ac44a473ec2a070b50973047aaa614b
                              • Opcode Fuzzy Hash: 963b785b52e3224a4072d1896626a27c21cd27bff83fb5cefabdb1913e31edc1
                              • Instruction Fuzzy Hash: D381AF62B5A646E4EE108F1AD54827DA771AB4DFDCF698431CB0DCF3A5DE2CE8858340
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcpy$mallocstrlen
                              • String ID: basic_string::_S_construct null not valid$basic_string::_S_create
                              • API String ID: 2479879881-1585226940
                              • Opcode ID: 554ecd67c1abac83849725017e970529447c28235929fdc350b9f3b540b863a0
                              • Instruction ID: a6c247ec732c602446a0a876b24f1687f2989207301b74087e54364c9737e5d5
                              • Opcode Fuzzy Hash: 554ecd67c1abac83849725017e970529447c28235929fdc350b9f3b540b863a0
                              • Instruction Fuzzy Hash: 1B5109B3B05741E5EA559F51E8442B86770AB5D7A8F484335DA2C8B3E1EE38D584C344
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcpy$mallocstrlen
                              • String ID: basic_string::_S_construct null not valid$basic_string::_S_create
                              • API String ID: 2479879881-1585226940
                              • Opcode ID: 799c117cadb114e0cd1e209efa8e7f7343c02a9fbbefa7cf9b5750e4b2bf7628
                              • Instruction ID: 67cb5a681c514c6efd95a26ba69a192af7a3c20581a9656b303c4d05bbb10909
                              • Opcode Fuzzy Hash: 799c117cadb114e0cd1e209efa8e7f7343c02a9fbbefa7cf9b5750e4b2bf7628
                              • Instruction Fuzzy Hash: F75101B3B05641E5EA159F11E8412B8A7B0AB5D7A8F884336DA2C8B3E1EE38D595C344
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcpy$memset
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::replace
                              • API String ID: 438689982-3564965661
                              • Opcode ID: 7d07a84816c15cc56eaba313950e72f344c81b4d8b92c2b981b4ed5c8b14885f
                              • Instruction ID: a8b25539e974f434f75f4cd4c67aac3a852a26a95e115fa9b532e5607ec25dfa
                              • Opcode Fuzzy Hash: 7d07a84816c15cc56eaba313950e72f344c81b4d8b92c2b981b4ed5c8b14885f
                              • Instruction Fuzzy Hash: A641C062B09606E0EA10DF12E9085B9A7B5AB09BDCF494235DE2C8F7F5EE3CD445C340
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcpystrlen
                              • String ID: basic_string: construction from null is not valid$basic_string::_M_create
                              • API String ID: 3412268980-1223694479
                              • Opcode ID: 33f34316dcfcb00a88ce46ae8247a67b665a3a4c540612f88c56f9aee88c4380
                              • Instruction ID: f763dd376fc5049c3ab26b25d45a66e1eaebabd800b91753f9aaeea1ee9940c8
                              • Opcode Fuzzy Hash: 33f34316dcfcb00a88ce46ae8247a67b665a3a4c540612f88c56f9aee88c4380
                              • Instruction Fuzzy Hash: EE41B6B3A19741E5EB259F15F8502B8A770AB1D798F588430CA8D8F3B1DF2CE581C354
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: memcpystrlen
                              • String ID: basic_string: construction from null is not valid$basic_string::_M_create
                              • API String ID: 3412268980-1223694479
                              • Opcode ID: 54370014f0e531c2355f09a1a9b873e1d7a6c59404df1bbe8d732e8d5f95961d
                              • Instruction ID: d52fd475727689457c7cb5da3d6337ad0e9ec2269a5b4793387661ffe59afc72
                              • Opcode Fuzzy Hash: 54370014f0e531c2355f09a1a9b873e1d7a6c59404df1bbe8d732e8d5f95961d
                              • Instruction Fuzzy Hash: D841B6B3A59741E5EA259F15F8402B9A7B0AB1D788F588430CB8C8F3A1EF2CE441C320
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              • Associated: 00000000.00000002.2027285620.00007FF66B120000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027359204.00007FF66B15E000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027391261.00007FF66B15F000.00000002.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027509339.00007FF66B29D000.00000004.00000001.01000000.00000003.sdmp
                              • Associated: 00000000.00000002.2027547427.00007FF66B2A0000.00000002.00000001.01000000.00000003.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff66b120000_RUN.jbxd
                              Similarity
                              • API ID: strcmp
                              • String ID:
                              • API String ID: 1004003707-0
                              • Opcode ID: 94ad545dae639b27e3a0ec693e3b2c71b4b28bc3dff286f18749c0c7a483bde3
                              • Instruction ID: d5d3f764def1cb2a47ffb6c6cd8db592cfa15cc3a2f95c5680982ea01c8633b6
                              • Opcode Fuzzy Hash: 94ad545dae639b27e3a0ec693e3b2c71b4b28bc3dff286f18749c0c7a483bde3
                              • Instruction Fuzzy Hash: DE116025A18682E2FA50DB36A900175A3B4AF4E77CF880330DD2CCA3E5DF2CE045CA50
                              APIs
                              • VirtualProtect.KERNEL32(00007FF66B29C070,00007FF66B29C078,00007FF66B29C0C0,?,?,?,?,00000001,00007FF66B121244), ref: 00007FF66B13AD33
                              Strings
                              • Unknown pseudo relocation bit size %d., xrefs: 00007FF66B13AEB4
                              • %d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p., xrefs: 00007FF66B13AECA
                              • Unknown pseudo relocation protocol version %d., xrefs: 00007FF66B13AED6
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: ProtectVirtual
                              • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
                              • API String ID: 544645111-1286557213
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              Similarity
                              • API ID: freememcpystrlen
                              • String ID:
                              • API String ID: 2208669145-0
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: freememcpystrlen
                              • String ID:
                              • API String ID: 2208669145-0
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              Similarity
                              • API ID: strlen
                              • String ID: t$ty$y
                              • API String ID: 39653677-1920740250
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: strlen
                              • String ID: t$ty$y
                              • API String ID: 39653677-1920740250
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              Similarity
                              • API ID: strcmp
                              • String ID: (
                              • API String ID: 1004003707-3887548279
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: strcmp
                              • String ID: (
                              • API String ID: 1004003707-3887548279
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              Similarity
                              • API ID: strlen
                              • String ID: a$a$rm
                              • API String ID: 39653677-3573517395
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: strlen
                              • String ID: a$a$rm
                              • API String ID: 39653677-3573517395
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: memset
                              • String ID: basic_string::append$basic_string::resize
                              • API String ID: 2221118986-1480708123
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: memcpy$malloc
                              • String ID: basic_string::_S_construct null not valid$basic_string::_S_create
                              • API String ID: 962570267-1585226940
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: memcpy$strlen
                              • String ID: basic_string::append
                              • API String ID: 2619041689-3811946249
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: memcpy
                              • String ID: basic_string::_M_create
                              • API String ID: 3510742995-3122258987
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              Similarity
                              • API ID: Sleep_amsg_exit
                              • String ID:
                              • API String ID: 1015461914-0
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              Similarity
                              • API ID: strcmp
                              • String ID: $ : $new
                              • API String ID: 1004003707-2075650739
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: strcmp
                              • String ID: $ : $new
                              • API String ID: 1004003707-2075650739
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: memcpystrlen
                              • String ID: basic_string::_S_construct null not valid$basic_string::_S_create
                              • API String ID: 3412268980-1585226940
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: mallocmemcpy
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_S_create$basic_string::substr
                              • API String ID: 4276657696-2722529413
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: memset
                              • String ID: basic_string::_M_create$basic_string::at: __n (which is %zu) >= this->size() (which is %zu)
                              • API String ID: 2221118986-670834496
                              APIs
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027640799.00007FF8A8E01000.00000020.00000001.01000000.00000000.sdmp, Offset: 00007FF8A8E00000, based on PE: true
                              • Associated: 00000000.00000002.2027607080.00007FF8A8E00000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027706128.00007FF8A8E23000.00000008.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027823027.00007FF8A8F2B000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027875456.00007FF8A8F2C000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027915634.00007FF8A8F32000.00000002.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2027982924.00007FF8A8F33000.00000004.00000001.01000000.00000000.sdmp
                              • Associated: 00000000.00000002.2028035847.00007FF8A8F36000.00000002.00000001.01000000.00000000.sdmp
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_0_2_7ff8a8e00000_RUN.jbxd
                              Similarity
                              • API ID: _lock_unlockcalloc
                              • String ID:
                              • API String ID: 3876498383-0
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: memcpy
                              • String ID: %s: __pos (which is %zu) > this->size() (which is %zu)$basic_string::_M_create$basic_string::substr
                              • API String ID: 3510742995-456333499
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID:
                              • String ID: random_device could not be read
                              • API String ID: 0-883157155
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: fprintf
                              • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                              • API String ID: 383729395-3474627141
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: fprintf
                              • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                              • API String ID: 383729395-4273532761
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: fprintf
                              • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                              • API String ID: 383729395-4064033741
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: fprintf
                              • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                              • API String ID: 383729395-2187435201
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: fprintf
                              • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                              • API String ID: 383729395-2713391170
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: fprintf
                              • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                              • API String ID: 383729395-4283191376
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000000.00000002.2027310223.00007FF66B121000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF66B120000, based on PE: true
                              Similarity
                              • API ID: fprintf
                              • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                              • API String ID: 383729395-2468659920

                              Execution Graph

                              Execution Coverage:5.9%
                              Dynamic/Decrypted Code Coverage:0%
                              Signature Coverage:4.8%
                              Total number of Nodes:1776
                              Total number of Limit Nodes:101
140061e03 52179->52183 52181 14006147a 52180->52181 52181->52183 52184 140061f17 52181->52184 52182 140030d20 109 API calls 52190 140061e8e 52182->52190 52183->52182 52185 14002c990 RtlPcToFileHeader 52184->52185 52186 140061f1c 52185->52186 52187 14002dc60 43 API calls 52186->52187 52188 140061f39 52187->52188 52189 14002dbf0 43 API calls 52188->52189 52193 140061f50 52189->52193 52191 1400b3040 _Strcoll IsProcessorFeaturePresent RtlCaptureContext RtlVirtualUnwind 52190->52191 52192 140061ee8 52191->52192 52195 14002e541 52194->52195 52266 1400b947c 52195->52266 52198 1400b3040 _Strcoll 3 API calls 52199 14002e5e2 52198->52199 52199->52136 52201 14002cf29 52200->52201 52311 1400348f0 52201->52311 52203 14002cfba 52204 14002cd90 52203->52204 52205 14002cdc0 52204->52205 52325 1400b912c 52205->52325 52207 14002ce5a 52215 140062b00 52207->52215 52208 14002cdcc __std_fs_convert_wide_to_narrow 52208->52207 52209 14002cea9 52208->52209 52330 14003f800 52208->52330 52337 14002bf50 RtlPcToFileHeader Concurrency::cancel_current_task 52209->52337 52213 14002ce30 __std_fs_convert_wide_to_narrow 52213->52207 52336 14002bf50 RtlPcToFileHeader Concurrency::cancel_current_task 52213->52336 52216 140062b26 52215->52216 52412 140064690 52216->52412 52218 14006044b 52219 140080e60 52218->52219 52418 140080220 52219->52418 52222 140080eba 52224 140030d20 109 API calls 52222->52224 52225 140080f2d 52224->52225 52226 1400b3040 _Strcoll 3 API calls 52225->52226 52227 1400604fd 52226->52227 52228 140030d20 52227->52228 52229 140030d62 ISource 52228->52229 52230 140030d34 52228->52230 52229->52149 52230->52229 53042 14002ed30 52230->53042 52233 140030dc3 52237 140030e7f ISource 52233->52237 52243 14003106e 52233->52243 53052 14002ff70 109 API calls 2 library calls 52233->53052 52236 140031079 52240 14002c990 RtlPcToFileHeader 52236->52240 52237->52243 53047 14002f420 52237->53047 52238 1400b3040 _Strcoll 3 API calls 52239 140031055 52238->52239 52239->52149 52242 14003107f 52240->52242 
52241 140030ed5 52241->52236 52246 140031024 ISource 52241->52246 53053 14002ff70 109 API calls 2 library calls 52241->53053 53054 14002c990 52243->53054 52245 140030ff1 52245->52243 52245->52246 52246->52238 52248 140044417 52247->52248 53058 14002e610 52248->53058 52250 140044455 ISource 52252 140044624 52250->52252 53065 1400b4f20 52250->53065 52253 1400445a4 ISource 52253->52252 52254 1400b3040 _Strcoll 3 API calls 52253->52254 52255 140044616 52254->52255 52256 1400b5694 52255->52256 52257 1400b56b3 52256->52257 52258 1400b56dc RtlPcToFileHeader 52257->52258 52259 1400b56f4 Concurrency::cancel_current_task 52257->52259 52258->52259 52259->52155 52261 14002dc09 52260->52261 53072 14002d590 43 API calls ISource 52261->53072 52263 14002dc40 52264 1400b5694 Concurrency::cancel_current_task RtlPcToFileHeader 52263->52264 52265 14002dc51 52264->52265 52267 1400b94be 52266->52267 52268 1400b95d9 52267->52268 52270 1400b951f GetFileAttributesExW 52267->52270 52281 1400b94c7 __std_fs_directory_iterator_open 52267->52281 52306 1400b9850 CreateFileW __std_fs_directory_iterator_open 52268->52306 52269 1400b3040 _Strcoll 3 API calls 52271 14002e55d 52269->52271 52273 1400b9533 __std_fs_directory_iterator_open 52270->52273 52280 1400b9561 __std_fs_directory_iterator_open 52270->52280 52271->52198 52279 1400b9542 FindFirstFileW 52273->52279 52273->52281 52274 1400b95fc 52275 1400b96cf 52274->52275 52276 1400b9631 GetFileInformationByHandleEx 52274->52276 52287 1400b9602 ProcessCodePage 52274->52287 52278 1400b96ea GetFileInformationByHandleEx 52275->52278 52275->52287 52277 1400b9671 52276->52277 52284 1400b964b __std_fs_directory_iterator_open ProcessCodePage 52276->52284 52277->52275 52282 1400b9692 GetFileInformationByHandleEx 52277->52282 52286 1400b9700 __std_fs_directory_iterator_open ProcessCodePage 52278->52286 52278->52287 52279->52280 52279->52281 52280->52268 52280->52281 52281->52269 52282->52275 52291 1400b96ae __std_fs_directory_iterator_open ProcessCodePage 
52282->52291 52283 1400b9791 52307 14009ea90 40 API calls __std_fs_directory_iterator_open 52283->52307 52290 1400b97a2 52284->52290 52294 1400b961b 52284->52294 52292 1400b979c 52286->52292 52286->52294 52287->52281 52287->52283 52287->52294 52288 1400b9796 52308 14009ea90 40 API calls __std_fs_directory_iterator_open 52288->52308 52310 14009ea90 40 API calls __std_fs_directory_iterator_open 52290->52310 52291->52288 52291->52294 52309 14009ea90 40 API calls __std_fs_directory_iterator_open 52292->52309 52294->52281 52306->52274 52314 140034916 52311->52314 52320 140034a14 52311->52320 52312 140034921 _Yarn 52312->52203 52314->52312 52315 140034a0f 52314->52315 52317 1400349d2 52314->52317 52318 14003497a 52314->52318 52323 14002b320 42 API calls 2 library calls 52315->52323 52319 1400b3188 std::_Facet_Register 42 API calls 52317->52319 52318->52315 52321 140034987 52318->52321 52319->52312 52324 14002b3e0 42 API calls 52320->52324 52322 1400b3188 std::_Facet_Register 42 API calls 52321->52322 52322->52312 52323->52320 52338 1400ab440 52325->52338 52328 1400b914b 52328->52208 52329 1400b913e AreFileApisANSI 52329->52328 52331 14003f824 52330->52331 52332 14003f80d 52330->52332 52333 14003f83e shared_ptr 52331->52333 52398 140045680 52331->52398 52332->52213 52333->52213 52335 14003f88c 52335->52213 52343 14009f0c0 52338->52343 52344 14009f0d5 __std_fs_directory_iterator_open 52343->52344 52345 14009f101 FlsSetValue 52344->52345 52346 14009f0e4 FlsGetValue 52344->52346 52348 14009f113 52345->52348 52362 14009f0f1 ProcessCodePage 52345->52362 52347 14009f0fb 52346->52347 52346->52362 52347->52345 52387 1400a2aa0 52348->52387 52351 14009f140 FlsSetValue 52355 14009f14c FlsSetValue 52351->52355 52356 14009f15e 52351->52356 52352 14009f130 FlsSetValue 52354 14009f139 52352->52354 52353 14009f17a 52383 1400a1348 52353->52383 52359 1400a2438 __free_lconv_num 6 API calls 52354->52359 52355->52354 52394 14009ee70 6 API calls _Strcoll 52356->52394 52359->52362 52360 
14009f166 52363 1400a2438 __free_lconv_num 6 API calls 52360->52363 52362->52353 52395 14009ea90 40 API calls __std_fs_directory_iterator_open 52362->52395 52363->52362 52384 1400a135d 52383->52384 52385 1400a1370 52383->52385 52384->52385 52397 1400aa6b0 40 API calls 2 library calls 52384->52397 52385->52328 52385->52329 52392 1400a2ab1 _Strcoll 52387->52392 52388 1400a2b02 52396 14009b1cc 6 API calls _Strcoll 52388->52396 52389 1400a2ae6 HeapAlloc 52390 14009f122 52389->52390 52389->52392 52390->52351 52390->52352 52392->52388 52392->52389 52393 1400ae6f4 std::_Facet_Register LeaveCriticalSection 52392->52393 52393->52392 52394->52360 52396->52390 52397->52385 52399 14004580f 52398->52399 52404 1400456af 52398->52404 52410 14002b3e0 42 API calls 52399->52410 52401 140045719 52403 1400b3188 std::_Facet_Register 42 API calls 52401->52403 52402 140045814 52411 14002b320 42 API calls 2 library calls 52402->52411 52407 1400456ff ISource shared_ptr _Yarn 52403->52407 52404->52401 52405 140045748 52404->52405 52406 14004570c 52404->52406 52404->52407 52409 1400b3188 std::_Facet_Register 42 API calls 52405->52409 52406->52401 52406->52402 52407->52335 52409->52407 52411->52407 52413 140064755 52412->52413 52416 1400646c0 _Yarn 52412->52416 52417 140068a50 42 API calls 4 library calls 52413->52417 52415 14006476a 52415->52218 52416->52218 52417->52415 52419 14002e510 49 API calls 52418->52419 52422 14008026f shared_ptr 52419->52422 52420 1400802a7 52421 1400802af 52420->52421 52471 1400809bf 52420->52471 52424 1400b3040 _Strcoll 3 API calls 52421->52424 52422->52420 52422->52421 52477 140090530 52422->52477 52425 140080951 52424->52425 52425->52222 52472 140042000 52425->52472 52427 1400802ee 52428 140080351 52427->52428 52429 140080745 52427->52429 52530 14008b4f0 22 API calls 3 library calls 52428->52530 52494 1400548e0 52429->52494 52432 1400809d6 52435 14002c7e0 42 API calls 52432->52435 52438 140080a00 52435->52438 52437 140080363 52531 14008b700 54 API calls 6 
library calls 52437->52531 52441 1400b5694 Concurrency::cancel_current_task RtlPcToFileHeader 52438->52441 52440 140080374 52442 14008045c GetFileSize 52440->52442 52450 140080387 52440->52450 52443 140080a11 52441->52443 52447 14008049d 52442->52447 52453 140080478 shared_ptr 52442->52453 52444 1400548e0 44 API calls 52445 1400807aa 52444->52445 52513 14008ee80 52445->52513 52446 1400803ce ISource 52532 140051500 42 API calls 52446->52532 52447->52453 52454 140045680 42 API calls 52447->52454 52448 140080771 52448->52444 52450->52432 52450->52446 52452 140080502 SetFilePointer ReadFile 52461 140080662 52452->52461 52464 140080551 52452->52464 52453->52452 52454->52452 52456 14008041f 52456->52421 52459 1400805d4 ISource 52533 140051500 42 API calls 52459->52533 52460 1400806b7 ISource 52534 140051500 42 API calls 52460->52534 52461->52432 52461->52460 52463 14008086d 52535 140051500 42 API calls 52463->52535 52464->52432 52464->52459 52467 14008096c 52536 14002c7e0 52467->52536 52470 1400b5694 Concurrency::cancel_current_task RtlPcToFileHeader 52470->52471 52539 14002dc60 52471->52539 52473 14003f800 42 API calls 52472->52473 52474 14004206a 52473->52474 52475 14003f800 42 API calls 52474->52475 52476 14004217d 52475->52476 52476->52222 52545 1400417a0 52477->52545 52484 14009063f 52571 140051ac0 40 API calls _Strcoll 52484->52571 52485 1400906c8 52488 14002c7e0 42 API calls 52485->52488 52492 140090678 52485->52492 52487 140090651 52572 140053530 53 API calls 4 library calls 52487->52572 52489 140090732 52488->52489 52491 1400b5694 Concurrency::cancel_current_task RtlPcToFileHeader 52489->52491 52493 140090743 ISource 52491->52493 52492->52427 52493->52427 52495 14005493d 52494->52495 52497 140054a23 52494->52497 52811 140055200 52495->52811 52499 14002c7e0 42 API calls 52497->52499 52498 140054962 52503 140054999 52498->52503 52821 140050ab0 52498->52821 52501 140054a65 52499->52501 52500 1400549f0 52509 140054800 52500->52509 52502 1400b5694 
Concurrency::cancel_current_task RtlPcToFileHeader 52501->52502 52502->52503 52503->52500 52504 14002c7e0 42 API calls 52503->52504 52505 140054abe 52504->52505 52506 1400b5694 Concurrency::cancel_current_task RtlPcToFileHeader 52505->52506 52507 140054ad2 52506->52507 52510 140054830 52509->52510 52511 140055200 42 API calls 52510->52511 52512 14005483f 52511->52512 52512->52448 52514 14008eedd 52513->52514 52515 14008eef7 52513->52515 52514->52515 52941 140050eb0 52514->52941 52517 14008ef9a 52515->52517 52960 1400945c0 52515->52960 52519 14008efa5 ISource 52517->52519 52971 1400412f0 42 API calls Concurrency::cancel_current_task 52517->52971 52520 1400b3040 _Strcoll 3 API calls 52519->52520 52522 14008f069 52519->52522 52521 14008080d 52520->52521 52521->52432 52524 140051bc0 52521->52524 52525 140051bda 52524->52525 52529 140051c2a 52524->52529 52526 1400519d0 41 API calls 52525->52526 52527 140051c14 52526->52527 52528 140095680 41 API calls 52527->52528 52528->52529 52529->52463 52529->52467 52530->52437 52531->52440 52532->52456 52533->52456 52534->52456 52535->52421 53023 14002b990 52536->53023 52538 14002c803 52538->52470 52540 14002dc81 52539->52540 53041 14002d590 43 API calls ISource 52540->53041 52542 14002dca3 52543 1400b5694 Concurrency::cancel_current_task RtlPcToFileHeader 52542->52543 52544 14002dcb4 52543->52544 52546 1400b3188 std::_Facet_Register 42 API calls 52545->52546 52547 140041801 52546->52547 52573 1400ba6a0 52547->52573 52549 140041811 52582 140041b00 52549->52582 52552 14004189e 52553 1400418ab 52552->52553 52597 1400ba96c EnterCriticalSection GetProcAddress std::_Lockit::_Lockit 52552->52597 52560 140051fa0 52553->52560 52555 1400418c6 52556 14002c7e0 42 API calls 52555->52556 52557 140041906 52556->52557 52558 1400b5694 Concurrency::cancel_current_task RtlPcToFileHeader 52557->52558 52559 140041917 52558->52559 52608 1400411f0 52560->52608 52563 1400babdc 52564 1400bac22 52563->52564 52570 140090636 52564->52570 52613 1400bc5e8 
52564->52613 52566 1400bac55 52566->52570 52630 1400968e4 40 API calls ProcessCodePage 52566->52630 52568 1400bac70 52568->52570 52631 140095680 52568->52631 52570->52484 52570->52485 52571->52487 52572->52492 52598 1400ba07c 52573->52598 52575 1400ba6c2 52579 1400ba724 _Yarn 52575->52579 52602 1400ba898 42 API calls std::_Facet_Register 52575->52602 52577 1400ba6da 52603 1400ba8c8 41 API calls std::locale::_Setgloballocale 52577->52603 52579->52549 52580 1400ba6e5 __std_exception_destroy 52580->52579 52580->52580 52581 14009ea88 _Yarn 7 API calls 52580->52581 52581->52579 52583 1400ba07c std::_Lockit::_Lockit 2 API calls 52582->52583 52584 140041b30 52583->52584 52585 1400ba07c std::_Lockit::_Lockit 2 API calls 52584->52585 52587 140041b55 52584->52587 52585->52587 52586 140041bcd 52588 1400b3040 _Strcoll 3 API calls 52586->52588 52587->52586 52605 14002c480 56 API calls 6 library calls 52587->52605 52589 140041842 52588->52589 52589->52552 52589->52555 52591 140041bdf 52592 140041be5 52591->52592 52593 140041c46 52591->52593 52606 1400ba660 42 API calls std::_Facet_Register 52592->52606 52607 14002bfc0 42 API calls 2 library calls 52593->52607 52596 140041c4b 52597->52553 52599 1400ba08b 52598->52599 52600 1400ba090 52598->52600 52604 1400a1600 EnterCriticalSection GetProcAddress std::_Lockit::_Lockit 52599->52604 52600->52575 52602->52577 52603->52580 52605->52591 52606->52586 52607->52596 52609 1400b3188 std::_Facet_Register 42 API calls 52608->52609 52610 140041267 52609->52610 52611 1400ba6a0 45 API calls 52610->52611 52612 140041277 52611->52612 52612->52485 52612->52563 52614 1400bc514 52613->52614 52615 1400bc53a 52614->52615 52618 1400bc56d 52614->52618 52650 14009b1cc 6 API calls _Strcoll 52615->52650 52617 1400bc53f 52651 140096d08 40 API calls _invalid_parameter_noinfo 52617->52651 52620 1400bc580 52618->52620 52621 1400bc573 52618->52621 52639 1400a2718 52620->52639 52652 14009b1cc 6 API calls _Strcoll 52621->52652 52623 1400bc54a 52623->52566 52626 
1400bc594 52653 14009b1cc 6 API calls _Strcoll 52626->52653 52627 1400bc5a1 52645 1400bdd58 52627->52645 52630->52568 52632 1400956b0 52631->52632 52775 140095560 52632->52775 52634 1400956c9 52635 1400956ee 52634->52635 52781 140094cc8 40 API calls 2 library calls 52634->52781 52636 140095703 52635->52636 52782 140094cc8 40 API calls 2 library calls 52635->52782 52636->52570 52640 1400a272f 52639->52640 52654 1400a278c 52640->52654 52642 1400a273a 52662 1400a15e4 LeaveCriticalSection 52642->52662 52644 1400a2765 52644->52626 52644->52627 52664 1400bd9b8 52645->52664 52648 1400bddb2 52648->52623 52650->52617 52651->52623 52652->52623 52653->52623 52655 1400a27bd 52654->52655 52656 1400a2aa0 _Strcoll 6 API calls 52655->52656 52661 1400a2842 52655->52661 52657 1400a2818 52656->52657 52658 1400a2438 __free_lconv_num 6 API calls 52657->52658 52659 1400a2822 52658->52659 52659->52661 52663 1400a3240 GetProcAddress InitializeCriticalSectionAndSpinCount __crtLCMapStringW 52659->52663 52661->52642 52663->52661 52669 1400bd9f3 __crtLCMapStringW 52664->52669 52666 1400bdc91 52683 140096d08 40 API calls _invalid_parameter_noinfo 52666->52683 52668 1400bdbc3 52668->52648 52676 1400bf478 52668->52676 52669->52669 52674 1400bdbba 52669->52674 52679 1400b0998 42 API calls 4 library calls 52669->52679 52671 1400bdc25 52671->52674 52680 1400b0998 42 API calls 4 library calls 52671->52680 52673 1400bdc44 52673->52674 52681 1400b0998 42 API calls 4 library calls 52673->52681 52674->52668 52682 14009b1cc 6 API calls _Strcoll 52674->52682 52684 1400be92c 52676->52684 52678 1400bf4a5 52678->52648 52679->52671 52680->52673 52681->52674 52682->52666 52683->52668 52685 1400be943 52684->52685 52686 1400be961 52684->52686 52735 14009b1cc 6 API calls _Strcoll 52685->52735 52686->52685 52689 1400be97d 52686->52689 52688 1400be948 52736 140096d08 40 API calls _invalid_parameter_noinfo 52688->52736 52693 1400bf088 52689->52693 52692 1400be954 52692->52678 52737 1400bec68 52693->52737 52695 
1400bf0cf 52696 1400bf0fd 52695->52696 52697 1400bf115 52695->52697 52762 14009b1ac 6 API calls _Strcoll 52696->52762 52753 1400aa108 52697->52753 52701 1400bf13a CreateFileW 52704 1400bf220 GetFileType 52701->52704 52705 1400bf1a5 52701->52705 52702 1400bf121 52764 14009b1ac 6 API calls _Strcoll 52702->52764 52707 1400bf27e 52704->52707 52708 1400bf22d __std_fs_directory_iterator_open 52704->52708 52710 1400bf1ed __std_fs_directory_iterator_open 52705->52710 52712 1400bf1b3 CreateFileW 52705->52712 52769 1400aa020 7 API calls 2 library calls 52707->52769 52767 14009b140 6 API calls 2 library calls 52708->52767 52709 1400bf126 52765 14009b1cc 6 API calls _Strcoll 52709->52765 52766 14009b140 6 API calls 2 library calls 52710->52766 52712->52704 52712->52710 52716 1400bf2a0 52720 1400bf2f4 52716->52720 52770 1400bee74 46 API calls 2 library calls 52716->52770 52717 1400bf23c ProcessCodePage 52725 1400bf102 52717->52725 52768 14009b1cc 6 API calls _Strcoll 52717->52768 52722 1400bf2fb 52720->52722 52772 1400be9f0 45 API calls 3 library calls 52720->52772 52721 1400bf332 52721->52722 52724 1400bf341 52721->52724 52771 1400a25b0 41 API calls ProcessCodePage 52722->52771 52726 1400bf10e 52724->52726 52728 1400bf3c1 ProcessCodePage 52724->52728 52763 14009b1cc 6 API calls _Strcoll 52725->52763 52726->52692 52729 1400bf3ca CreateFileW 52728->52729 52730 1400bf436 52729->52730 52731 1400bf408 __std_fs_directory_iterator_open 52729->52731 52730->52726 52773 14009b140 6 API calls 2 library calls 52731->52773 52733 1400bf415 52774 1400aa248 7 API calls 2 library calls 52733->52774 52735->52688 52736->52692 52738 1400bec94 52737->52738 52742 1400becae 52737->52742 52739 14009b1cc _Strcoll 6 API calls 52738->52739 52738->52742 52740 1400beca3 52739->52740 52741 140096d08 _invalid_parameter_noinfo 40 API calls 52740->52741 52741->52742 52743 1400bed2e 52742->52743 52747 14009b1cc _Strcoll 6 API calls 52742->52747 52744 1400bed82 52743->52744 52746 14009b1cc _Strcoll 6 API calls 
52743->52746 52745 1400bbf40 _get_daylight 40 API calls 52744->52745 52752 1400bedda 52744->52752 52745->52752 52748 1400bed77 52746->52748 52749 1400bed23 52747->52749 52750 140096d08 _invalid_parameter_noinfo 40 API calls 52748->52750 52751 140096d08 _invalid_parameter_noinfo 40 API calls 52749->52751 52750->52744 52751->52743 52752->52695 52759 1400aa12b 52753->52759 52754 1400aa159 52755 1400a15e4 __std_fs_directory_iterator_open LeaveCriticalSection 52754->52755 52757 1400aa229 52755->52757 52756 1400aa154 52758 1400a9e58 8 API calls 52756->52758 52757->52701 52757->52702 52758->52754 52759->52754 52759->52756 52760 1400aa1aa EnterCriticalSection 52759->52760 52760->52754 52761 1400aa1b9 LeaveCriticalSection 52760->52761 52761->52759 52762->52725 52763->52726 52764->52709 52765->52725 52766->52725 52767->52717 52768->52725 52769->52716 52770->52720 52771->52726 52772->52721 52773->52733 52774->52730 52776 14009557b 52775->52776 52778 1400955a9 52775->52778 52797 140096c38 40 API calls _invalid_parameter_noinfo 52776->52797 52780 14009559b 52778->52780 52783 1400955dc 52778->52783 52780->52634 52781->52635 52782->52636 52784 1400955f7 52783->52784 52786 14009561c 52783->52786 52808 140096c38 40 API calls _invalid_parameter_noinfo 52784->52808 52787 140095617 52786->52787 52798 140095390 52786->52798 52787->52780 52792 14009eae8 _fread_nolock 40 API calls 52793 140095640 52792->52793 52809 1400a24ec 41 API calls _invalid_parameter_noinfo 52793->52809 52795 14009564a 52795->52787 52796 1400a2438 __free_lconv_num 6 API calls 52795->52796 52796->52787 52797->52780 52799 1400953e6 52798->52799 52800 1400953b5 52798->52800 52804 1400a2878 52799->52804 52800->52799 52801 14009eae8 _fread_nolock 40 API calls 52800->52801 52802 1400953d6 52801->52802 52810 1400a2000 40 API calls 2 library calls 52802->52810 52805 1400a288b 52804->52805 52806 140095638 52804->52806 52805->52806 52807 1400a2438 __free_lconv_num 6 API calls 52805->52807 52806->52792 52807->52806 
52808->52787 52809->52795 52810->52799 52812 140055240 52811->52812 52816 14005521d 52811->52816 52814 14005524e 52812->52814 52831 140046b80 52812->52831 52813 14005523a 52813->52498 52814->52498 52816->52813 52817 14002c7e0 42 API calls 52816->52817 52818 1400552a3 52817->52818 52819 1400b5694 Concurrency::cancel_current_task RtlPcToFileHeader 52818->52819 52820 1400552b4 ISource 52819->52820 52820->52498 52822 140050ae3 52821->52822 52830 140050b3b 52822->52830 52858 1400519d0 52822->52858 52824 1400b3040 _Strcoll 3 API calls 52826 140050ba9 52824->52826 52825 140050b06 52827 140050b26 52825->52827 52825->52830 52868 14009684c 52825->52868 52826->52503 52827->52830 52876 140095e64 52827->52876 52830->52824 52832 140046c40 52831->52832 52833 140046bbe 52831->52833 52834 1400b3040 _Strcoll 3 API calls 52832->52834 52855 1400465a0 42 API calls 52833->52855 52836 140046c6d 52834->52836 52836->52814 52837 140046bcb 52838 140046c2d 52837->52838 52840 140046c82 52837->52840 52838->52832 52856 140047660 42 API calls 2 library calls 52838->52856 52841 14002c7e0 42 API calls 52840->52841 52842 140046cc4 52841->52842 52843 1400b5694 Concurrency::cancel_current_task RtlPcToFileHeader 52842->52843 52844 140046cd5 52843->52844 52845 140046d2b 52844->52845 52846 140046b80 42 API calls 52844->52846 52847 140046dfa 52845->52847 52849 140046e38 52845->52849 52846->52845 52848 140046e0b 52847->52848 52857 140047660 42 API calls 2 library calls 52847->52857 52848->52814 52851 14002c7e0 42 API calls 52849->52851 52852 140046e7a 52851->52852 52853 1400b5694 Concurrency::cancel_current_task RtlPcToFileHeader 52852->52853 52854 140046e8b 52853->52854 52855->52837 52856->52832 52857->52848 52859 140051aa2 52858->52859 52860 1400519f3 52858->52860 52861 1400b3040 _Strcoll 3 API calls 52859->52861 52860->52859 52863 1400519fd 52860->52863 52862 140051ab1 52861->52862 52862->52825 52866 140051a41 52863->52866 52885 140095dc0 41 API calls ProcessCodePage 52863->52885 52864 1400b3040 
_Strcoll 3 API calls 52865 140051a5e 52864->52865 52865->52825 52866->52864 52869 14009687c 52868->52869 52886 1400965fc 52869->52886 52871 140096895 52872 1400968ba 52871->52872 52893 140094cc8 40 API calls 2 library calls 52871->52893 52873 1400968cf 52872->52873 52894 140094cc8 40 API calls 2 library calls 52872->52894 52873->52827 52877 140095e8d 52876->52877 52878 140095e78 52876->52878 52877->52878 52880 140095e92 52877->52880 52915 14009b1cc 6 API calls _Strcoll 52878->52915 52907 1400a3e10 52880->52907 52881 140095e7d 52916 140096d08 40 API calls _invalid_parameter_noinfo 52881->52916 52884 140095e88 52884->52830 52885->52866 52887 140096666 52886->52887 52888 140096626 52886->52888 52887->52888 52890 14009666b 52887->52890 52901 140096c38 40 API calls _invalid_parameter_noinfo 52888->52901 52895 140096774 52890->52895 52891 14009664d 52891->52871 52893->52872 52894->52873 52896 1400967b3 52895->52896 52900 14009679e 52895->52900 52902 140096690 52896->52902 52898 1400967bd 52899 140095390 40 API calls 52898->52899 52898->52900 52899->52900 52900->52891 52901->52891 52903 1400966aa 52902->52903 52904 140096710 52902->52904 52903->52904 52906 1400a4bac 40 API calls 2 library calls 52903->52906 52904->52898 52906->52904 52908 1400a3e40 52907->52908 52917 1400a3924 52908->52917 52910 1400a3e59 52912 1400a3e7f 52910->52912 52923 140094cc8 40 API calls 2 library calls 52910->52923 52914 1400a3e94 52912->52914 52924 140094cc8 40 API calls 2 library calls 52912->52924 52914->52884 52915->52881 52916->52884 52918 1400a393f 52917->52918 52919 1400a396e 52917->52919 52937 140096c38 40 API calls _invalid_parameter_noinfo 52918->52937 52925 1400a3990 52919->52925 52922 1400a395f 52922->52910 52923->52912 52924->52914 52926 1400a39ab 52925->52926 52927 1400a39d4 52925->52927 52938 140096c38 40 API calls _invalid_parameter_noinfo 52926->52938 52929 14009eae8 _fread_nolock 40 API calls 52927->52929 52930 1400a39d9 52929->52930 52931 1400a3a54 52930->52931 52932 1400a3a64 
52930->52932 52934 1400a39cb 52930->52934 52939 1400a3c34 41 API calls 2 library calls 52931->52939 52932->52934 52940 1400a3adc 40 API calls _fread_nolock 52932->52940 52934->52922 52936 1400a3a62 52936->52934 52937->52922 52938->52934 52939->52936 52940->52934 52942 140050eed 52941->52942 52944 140050f61 52942->52944 52945 140050f83 52942->52945 52950 140050efd ISource 52942->52950 52943 1400b3040 _Strcoll 3 API calls 52946 14005112f 52943->52946 52972 140095764 52944->52972 52948 140095764 40 API calls 52945->52948 52946->52515 52954 140050fb1 _Yarn 52948->52954 52949 1400510d1 52949->52950 52952 1400511b7 52949->52952 52950->52943 52953 1400511e4 52952->52953 52959 140050eb0 42 API calls 52952->52959 52953->52515 52954->52949 52956 140095764 40 API calls 52954->52956 52958 140051167 52954->52958 52989 140045510 52954->52989 52955 1400511fb 52955->52515 52956->52954 52958->52949 53001 140096244 40 API calls 2 library calls 52958->53001 52959->52955 53017 1400944f0 52960->53017 52962 1400947d2 52962->52517 52964 14009480f 53022 14002b320 42 API calls 2 library calls 52964->53022 52965 1400944f0 42 API calls 52968 1400945fc ISource _Yarn 52965->52968 52966 1400b3188 42 API calls std::_Facet_Register 52966->52968 52968->52962 52968->52964 52968->52965 52968->52966 52970 140094804 52968->52970 52969 140094815 53021 14002b3e0 42 API calls 52970->53021 52973 140095780 52972->52973 52974 14009579e 52972->52974 53008 14009b1cc 6 API calls _Strcoll 52973->53008 52977 140095858 52974->52977 52980 14009eae8 _fread_nolock 40 API calls 52974->52980 52976 140095785 53009 140096d08 40 API calls _invalid_parameter_noinfo 52976->53009 53002 140095720 52977->53002 52983 1400957bf 52980->52983 52981 140095790 52981->52950 52982 14009582d 53010 14009b1cc 6 API calls _Strcoll 52982->53010 52983->52977 52983->52982 52985 140095832 53011 140096d08 40 API calls _invalid_parameter_noinfo 52985->53011 52987 14009583d 53012 1400b52bc RtlUnwind 52987->53012 52990 140045665 52989->52990 

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: CloseErrorFileLast$Handle$AttributesFind__std_fs_open_handle$CreateFirst
                              • String ID:
                              • API String ID: 3856372171-0
                              • Opcode ID: 3115d4354ebb1865d7afd77323c82eee4fd58081d18b420f9cf0354a3ec1495e
                              • Instruction ID: 8eb9bdafdb7ad43ecbbc04621b2b47f91323acc18f6e43efebf973be32b3e81b
                              • Opcode Fuzzy Hash: 3115d4354ebb1865d7afd77323c82eee4fd58081d18b420f9cf0354a3ec1495e
                              • Instruction Fuzzy Hash: 34B17F32214E4186E7668FA7A8447EA63A0EB8D7F0F144714BBBA476F6DF38C8458700
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: AddressProc$LibraryProcess32$CloseCreateFirstFreeHandleLoadNextSnapshotToolhelp32
                              • String ID: [PID: $cannot use push_back() with $system$vault
                              • API String ID: 2918959303-1782543976
                              • Opcode ID: f319670b5f3719bf20a84c826ebdc6f613c371897955ff08d995636d490b1b84
                              • Instruction ID: e7d04de0bf7d2ede0252bd06ce868167f405002912ec9c35e0160d414693bfc9
                              • Opcode Fuzzy Hash: f319670b5f3719bf20a84c826ebdc6f613c371897955ff08d995636d490b1b84
                              • Instruction Fuzzy Hash: 91D26C32215BC48ADB62CF26E8843DE77A4F789798F504215EB9C4BBA9DF74C694C700
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: FileModuleName
                              • String ID: $ --key "$" --type $APPB:$File.exe$cmd /c ""$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$status
                              • API String ID: 514040917-944069670
                              • Opcode ID: d5a91056d79af5776f69b563551cc3ee9e14be56efeae97973d261ddaf968e40
                              • Instruction ID: 61e81783eac7888240027048ff5e8352e61f2b385e44ecdac473786fa9e86fdc
                              • Opcode Fuzzy Hash: d5a91056d79af5776f69b563551cc3ee9e14be56efeae97973d261ddaf968e40
                              • Instruction Fuzzy Hash: E3235D72A14BC48AEB21CF29E8853DE73B1F789798F505215EB9C07BA9EB75C580C740
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: Cred__std_fs_convert_wide_to_narrow$EnumerateFree__std_fs_code_page
                              • String ID: cannot use push_back() with $config$content$directory_iterator::directory_iterator$exists$filename$files$key$status$users
                              • API String ID: 1529200026-1424636042
                              • Opcode ID: 73403cb4b12a15e7d187e246962c84645803850f68a0bf444581b730bc92aebc
                              • Instruction ID: b5bf4b2957272ce0c7a3555bb348d851467700f7fbb7f4258258ad653565a7cc
                              • Opcode Fuzzy Hash: 73403cb4b12a15e7d187e246962c84645803850f68a0bf444581b730bc92aebc
                              • Instruction Fuzzy Hash: 39736C72611BC489EB229F36D8843DE73A1F789798F505216EB9D0BBA9DF74C684C340

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: Handle$Close$Process$CreateFileInformationReadToken$CurrentOpenPipe
                              • String ID:
                              • API String ID: 435572905-0
                              • Opcode ID: dceccd4bed3033d5f2363029517fae0d28a7953c8672b6cc8744d3babce8565b
                              • Instruction ID: 08d826af7e99bc8bdefcb617d8d7770f7d9f6d118e205ee12a4e83850e2cc550
                              • Opcode Fuzzy Hash: dceccd4bed3033d5f2363029517fae0d28a7953c8672b6cc8744d3babce8565b
                              • Instruction Fuzzy Hash: CBC17532614B808AE751CF66E84479E77A4FB88BD8F104229FB8D47BA8DF79C585C740
                              APIs
                                • Part of subcall function 000000014002CD90: __std_fs_code_page.LIBCPMT ref: 000000014002CDC7
                                • Part of subcall function 000000014002CD90: __std_fs_convert_wide_to_narrow.LIBCPMT ref: 000000014002CE0E
                                • Part of subcall function 000000014002CD90: __std_fs_convert_wide_to_narrow.LIBCPMT ref: 000000014002CE4A
                              • Concurrency::cancel_current_task.LIBCPMT ref: 000000014005C62E
                                • Part of subcall function 000000014003F990: Concurrency::cancel_current_task.LIBCPMT ref: 000000014003FA98
                                • Part of subcall function 00000001400499F0: Concurrency::cancel_current_task.LIBCPMT ref: 0000000140049B54
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: Concurrency::cancel_current_task$__std_fs_convert_wide_to_narrow$__std_fs_code_page
                              • String ID: cannot use push_back() with $content$directory_iterator::directory_iterator$exists$filename$recursive_directory_iterator::operator++$recursive_directory_iterator::recursive_directory_iterator$status
                              • API String ID: 1976907724-4250644884
                              • Opcode ID: f76acbabd9b7fc25343503b6a8c330868902475f44ffdb2e9b13e08de79a8c06
                              • Instruction ID: 8809c4aa34f17827eceedf5296657790c0cf14a5d9a0c4c9fcbc809bdbde575e
                              • Opcode Fuzzy Hash: f76acbabd9b7fc25343503b6a8c330868902475f44ffdb2e9b13e08de79a8c06
                              • Instruction Fuzzy Hash: 00235B72219BC481DA72DB16E4903EEB3A5F7C9790F505216E7DD43AA9EF78C684CB00

                              Control-flow Graph

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: File$PointerReadSize
                              • String ID: exists$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                              • API String ID: 404940565-15404121
                              • Opcode ID: e5d800745fb8e7e2dd03b421b13ff1905d1c5e73d58b6af64d1d7922d8c8c38c
                              • Instruction ID: 1db62b8b794dd3ca4bccbc185c38139f2fcf59a025558d5ec4928ed644292a46
                              • Opcode Fuzzy Hash: e5d800745fb8e7e2dd03b421b13ff1905d1c5e73d58b6af64d1d7922d8c8c38c
                              • Instruction Fuzzy Hash: 87321632614BC489EB61CF36D8803DD37A1F789788F508226EB8D5BBA9EB74C645C700

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: 1e049b80a000f3e8df67c0bf099f5713ff563aac723c2cbcb527b6014d8204dd
                              • Instruction ID: 311eb4890aa1e646f6fda1dca96031ce27afa58cd9f7d28d97c51fe51a359056
                              • Opcode Fuzzy Hash: 1e049b80a000f3e8df67c0bf099f5713ff563aac723c2cbcb527b6014d8204dd
                              • Instruction Fuzzy Hash: 27C1C37A20468596E7629B2794403EE77A0F7E9BD4F554301FB4A07BF6CB78C4A5CB00

                              Control-flow Graph

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: FileFind$FirstNext
                              • String ID: content$exists$filename
                              • API String ID: 1690352074-1949714836
                              • Opcode ID: fd423bae6550b93b27f2fd5a8b7918c102f4e44d23883bb563c61e2567874888
                              • Instruction ID: db733362f45c485840bcbbef7125c6d102ee5b7c7d0765ab6974e4f61369fe59
                              • Opcode Fuzzy Hash: fd423bae6550b93b27f2fd5a8b7918c102f4e44d23883bb563c61e2567874888
                              • Instruction Fuzzy Hash: 62828F72618BC091EA22EB26E4943DEB3A1F7897D4F505216FB9D07AB9DF78C580C740

                              Control-flow Graph

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: __std_exception_destroy
                              • String ID: value
                              • API String ID: 2453523683-494360628
                              • Opcode ID: 5812492ce86ed497bda655677196accbe50fb2d66106d9da4e0882e704bf4fea
                              • Instruction ID: e1201fbe2842836c1711549b92fe49df699a8957a4ef57640b057148a47efd92
                              • Opcode Fuzzy Hash: 5812492ce86ed497bda655677196accbe50fb2d66106d9da4e0882e704bf4fea
                              • Instruction Fuzzy Hash: DD029E72A25BC089EB02DB76D4903ED6761E7897E4F505212FBAD03AEADF78C585C700

                              Control-flow Graph

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: Open
                              • String ID: directory_iterator::directory_iterator$exists$status
                              • API String ID: 71445658-3429586796
                              • Opcode ID: 6d3536808b6601f019be50ce807ded329804934b4cecdba008ecf2e1a869cbfa
                              • Instruction ID: d283b85e10e05eaa99e0bfa5fb90223c84540dd864d34c541b6d693e1038403f
                              • Opcode Fuzzy Hash: 6d3536808b6601f019be50ce807ded329804934b4cecdba008ecf2e1a869cbfa
                              • Instruction Fuzzy Hash: ED12F372515BC48AE7628F3ADC813D933A4F74D798F115215EB9C1BBA9EF348694C300

                              Control-flow Graph

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: AcquireExclusiveLocksend
                              • String ID: exists$ios_base::badbit set
                              • API String ID: 3546000550-2074760687
                              • Opcode ID: 603267f1e5945f7066521976707987ef831b7dbb5ea2156e3e1bb041e3b7de32
                              • Instruction ID: b75098c5373e60eabab32f1287f4528ca12a78606437dfc6c979fea06e0d9e6a
                              • Opcode Fuzzy Hash: 603267f1e5945f7066521976707987ef831b7dbb5ea2156e3e1bb041e3b7de32
                              • Instruction Fuzzy Hash: 00328F72219BC495EB62DB16E4943DAB361F7C97D0F504226EB8D47AB9EF38C644CB00
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: CryptDataFreeLocalUnprotect
                              • String ID:
                              • API String ID: 1561624719-0
                              • Opcode ID: 82b9eccce52bd76d2a38ae24875dcc72e8672f057a2d87ab5402ef8ecec02c81
                              • Instruction ID: afc872794842f5d7a80fe0b33be2d975e624f313f4f4beaab358a86cdb16878d
                              • Opcode Fuzzy Hash: 82b9eccce52bd76d2a38ae24875dcc72e8672f057a2d87ab5402ef8ecec02c81
                              • Instruction Fuzzy Hash: 97414132618B80CAE3218F75E4403ED37A4F75878CF054229FB8817E9ADB79C6A4C754
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: DriveLogicalStrings
                              • String ID:
                              • API String ID: 2022863570-0
                              • Opcode ID: d4b67670b12d6b03bf4d03815cb1ab65ac5729a21ba3a626c25476bbd116bb90
                              • Instruction ID: 557e1561279e9319c45ff12f5330aa19f18cc0f904c9a554cfe8fd03b15ab88b
                              • Opcode Fuzzy Hash: d4b67670b12d6b03bf4d03815cb1ab65ac5729a21ba3a626c25476bbd116bb90
                              • Instruction Fuzzy Hash: 79414A32A18B8086E711CF25E88039EB765F798788F545215EF8823A7ADB78D6D1DB40

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                              • String ID:
                              • API String ID: 1330151763-0
                              • Opcode ID: 89f66b6610d6b76355aad9393293e6923e70a4ceebab5d019a286a560852aeaf
                              • Instruction ID: 7e1bac18a1fa27ba0e3626425be6fd919a990661db27a343ff72421f1822e8fe
                              • Opcode Fuzzy Hash: 89f66b6610d6b76355aad9393293e6923e70a4ceebab5d019a286a560852aeaf
                              • Instruction Fuzzy Hash: 4EC1AA36720A4086EB11CFAAD4907ED37B1E38DBE8F015215EB6A9B7E4CB38C556C300

                              Control-flow Graph

                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: Concurrency::cancel_current_task
                              • String ID: 3G
                              • API String ID: 118556049-4175570335
                              • Opcode ID: dc13ff376bcf86e98a9bd46123576a4ecea656a87780a0d93674023c741dea10
                              • Instruction ID: 027559f12c40b68a589cec7442c04c586ebfd30c2bed3669483d128cae4efade
                              • Opcode Fuzzy Hash: dc13ff376bcf86e98a9bd46123576a4ecea656a87780a0d93674023c741dea10
                              • Instruction Fuzzy Hash: 60E1CF32311B8482EA26DF66E5507AE63A4F748BE4F158625BFAD07BE5DF38C590C300

                              Control-flow Graph

                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: EnvironmentInitStringStringsUnicode$Free
                              • String ID:
                              • API String ID: 2488768755-0
                              • Opcode ID: 2024ece25ad8d0dfea4effba769dec7aa09a5c5de80b191ca38a469a83a442ee
                              • Instruction ID: b7dc9a918e5ba752c6d1a4cb5c38ae9a660f8eccf0d9eb2d11592ecb9e15c57e
                              • Opcode Fuzzy Hash: 2024ece25ad8d0dfea4effba769dec7aa09a5c5de80b191ca38a469a83a442ee
                              • Instruction Fuzzy Hash: 40519C73A14B8082EB129F2AE44039D7760FB99BD4F549201EB9903BA9DF78D2E1C300
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: EnumOpen
                              • String ID:
                              • API String ID: 3231578192-0
                              • Opcode ID: 874aa622c5a3d824425461c65662d2d43391222831d7590eb0f667cf23b31fbc
                              • Instruction ID: 1f3d119ddd6be03377ae911e8af97b363e8761d5105245f1140f8753357e1b7f
                              • Opcode Fuzzy Hash: 874aa622c5a3d824425461c65662d2d43391222831d7590eb0f667cf23b31fbc
                              • Instruction Fuzzy Hash: 8B316F32600B8486E721CFA2E854B9E77B4FB587D8F200215EF9917BA9DF78C596C700
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: Concurrency::cancel_current_task
                              • String ID:
                              • API String ID: 118556049-3916222277
                              • Opcode ID: d55a3be85ee1055ffb164e61d513251a61e523bc0d60f301511b3fa1e8536299
                              • Instruction ID: f6480eac9df0a921f3b00285bac3b51a84fd8ea17e78b66d21925ff5f031d515
                              • Opcode Fuzzy Hash: d55a3be85ee1055ffb164e61d513251a61e523bc0d60f301511b3fa1e8536299
                              • Instruction Fuzzy Hash: 47514772304B8496EB1A8F2AD5943AD33A0F748BD4F948626EF5D43BA5CF79D4A1D300
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: Concurrency::cancel_current_task
                              • String ID: cannot use operator[] with a numeric argument with
                              • API String ID: 118556049-485864652
                              • Opcode ID: 2dc08532d42dd49a5db915f0d5e93add294414e31bce98d7278f60cda99f26a2
                              • Instruction ID: 371ac32ebd64c0a65e8e7c90172ce9660e8c02a6c767e6c44b0ce195739b907e
                              • Opcode Fuzzy Hash: 2dc08532d42dd49a5db915f0d5e93add294414e31bce98d7278f60cda99f26a2
                              • Instruction Fuzzy Hash: 04312472305B8095EE12AF27A5443EC6366A70CBD5F594635BF6D0B7E6DE38C081C308
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: FolderFreeKnownPathTask
                              • String ID:
                              • API String ID: 969438705-0
                              • Opcode ID: 4c56703e9db33eba310997f99d84547c884f29c524f839be628be20939f7ed24
                              • Instruction ID: 5add4f13673e70b7bdbdfcd835062785cbc84354746477c7e55e7b925aee7934
                              • Opcode Fuzzy Hash: 4c56703e9db33eba310997f99d84547c884f29c524f839be628be20939f7ed24
                              • Instruction Fuzzy Hash: B9315372A14B8481E7218F6AE44535EB761F79D7F4F205315FBAC076A9DB7CC1818B40
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: a78507b222b037ada6aaee86a71bd75569a92845782e1ac6615e1f2c814324ca
                              • Instruction ID: bbaf9462e4f046ec167b3a9a7a0f9b6edd47eb1ea2c96129a4b6d0734281efab
                              • Opcode Fuzzy Hash: a78507b222b037ada6aaee86a71bd75569a92845782e1ac6615e1f2c814324ca
                              • Instruction Fuzzy Hash: 0F21AD32611A4481EA52EB57E8603EE7B61F799BD0F940126F71A473F2EE38C605C710
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: ErrorFileLastPointer
                              • String ID:
                              • API String ID: 2976181284-0
                              • Opcode ID: eaf1f8ef5c1a5b971a02933aa1c6ac7e64f220fe336981d63eb8f17af6bd5ebf
                              • Instruction ID: f8e6f1071c676b52ad1aa0f5b0496d911791eba876e8f28b275869f888e200a0
                              • Opcode Fuzzy Hash: eaf1f8ef5c1a5b971a02933aa1c6ac7e64f220fe336981d63eb8f17af6bd5ebf
                              • Instruction Fuzzy Hash: E7119E76304B8081DB518B2AB844399A361A7A8BF4F644311FF7A0BBE9DF78C5918B44
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                              • String ID:
                              • API String ID: 1173176844-0
                              • Opcode ID: 2bbe7cb00d650c8495b1a37f35418748bfe0d1b071b89c59af51de45b9438ea8
                              • Instruction ID: 685ad68cefcec46e584e821244bf574e3d27143f29d456f05cd7c7f67cb7bed9
                              • Opcode Fuzzy Hash: 2bbe7cb00d650c8495b1a37f35418748bfe0d1b071b89c59af51de45b9438ea8
                              • Instruction Fuzzy Hash: 88E0173061290941FD2B7AFB29163F501A81BAC7F0E2C1F247F760B2F3B934889A8211
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: ErrorFreeHeapLast
                              • String ID:
                              • API String ID: 485612231-0
                              • Opcode ID: 18741f14ee5fc7649e3f7a422f3a70dec762688bbcda5cce3cbbb9842fc06645
                              • Instruction ID: c39f6ac59647204107da711e08ca7cb678c5d8f0a2a5e56943ae5d841e8e081c
                              • Opcode Fuzzy Hash: 18741f14ee5fc7649e3f7a422f3a70dec762688bbcda5cce3cbbb9842fc06645
                              • Instruction Fuzzy Hash: 88E08C70B0120083FB1A6BB3A8853E912905F9CBC1F844024BB51532B1DA3888864610
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: Concurrency::cancel_current_task
                              • String ID:
                              • API String ID: 118556049-0
                              • Opcode ID: 4ea5165e7de84b1b253d8127532d31a6650a8b8caeec333f5e5f1acc1f8b9973
                              • Instruction ID: bc073ab4adc3091bf12103c657801eab9ed7c06d7e2875572eff87a04387dcaa
                              • Opcode Fuzzy Hash: 4ea5165e7de84b1b253d8127532d31a6650a8b8caeec333f5e5f1acc1f8b9973
                              • Instruction Fuzzy Hash: 4E61CC76305A8884EB16DF1BD1547AD63A1E30AFD8F148611EF6D0B7E5DB38C896C300
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: __std_fs_directory_iterator_open
                              • String ID:
                              • API String ID: 4007087469-0
                              • Opcode ID: 52c95a36d420af7ed9acb9f760d76bb5a4f15eb4bca73a49b86378a71e5a7803
                              • Instruction ID: 23402884ce9da217c50eaeb71816ce61ababfff17732451bc600fe74fdc2cba9
                              • Opcode Fuzzy Hash: 52c95a36d420af7ed9acb9f760d76bb5a4f15eb4bca73a49b86378a71e5a7803
                              • Instruction Fuzzy Hash: 4161B072B10B4085FF12AB6AD4903EC33A1E7597E8F41461AFF195BAE9DB74CD918340
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: Concurrency::cancel_current_task
                              • String ID:
                              • API String ID: 118556049-0
                              • Opcode ID: 8f8ca1fe15d32ca870fd529cd5e95e1df55c2549d8fc7ade433c24bc009aa3ba
                              • Instruction ID: ede7f60db1231b1048735d48ce7f8fc5d804a45ca4f500518fa05de5e20aac2a
                              • Opcode Fuzzy Hash: 8f8ca1fe15d32ca870fd529cd5e95e1df55c2549d8fc7ade433c24bc009aa3ba
                              • Instruction Fuzzy Hash: D041BB72319B8481EA12AF17E5443DDA3A5B70CBD5F584635EFAE0B7A6DE38C4428308
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: Concurrency::cancel_current_task
                              • String ID:
                              • API String ID: 118556049-0
                              • Opcode ID: 12bdea5b5970b790af7726231cd17ac1295919ca1ed51c8ec952b2f6770b8b50
                              • Instruction ID: 53a79a959c22fab3bc5a5401574e6ab8f61459da064b79c2914bf5a3a7b2c03d
                              • Opcode Fuzzy Hash: 12bdea5b5970b790af7726231cd17ac1295919ca1ed51c8ec952b2f6770b8b50
                              • Instruction Fuzzy Hash: 1A417072214B8481EA25DF66E5543AEB3A5F74DBD0F608A25FBAD03BA5DF3CC4508700
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              Joe Sandbox IDA Plugin
                              • Snapshot File: hcaresult_1_2_140000000_RUN.jbxd
                              Similarity
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              • Opcode ID: 38e4acc591baea26d45ae4966e7f45e4d0796fac061fbd998d0e3074de549c94
                              • Instruction ID: ff31ce48bc4bfb596dcc217db2409a5c95c38712441d1df2350013c1e2d47250
                              • Opcode Fuzzy Hash: 38e4acc591baea26d45ae4966e7f45e4d0796fac061fbd998d0e3074de549c94
                              • Instruction Fuzzy Hash: F9419A3221064487EA36CF1AE5403EA77A0F7A9BD4F140215FB86877B1CB38D982CB52
                              APIs
                              • Concurrency::cancel_current_task.LIBCPMT ref: 000000014003FA98
                                • Part of subcall function 000000014002B320: __std_exception_copy.LIBVCRUNTIME ref: 000000014002B368
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: Concurrency::cancel_current_task__std_exception_copy
                              • String ID:
                              • API String ID: 317858897-0
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: FileFindNext
                              • String ID:
                              • API String ID: 2029273394-0
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: _invalid_parameter_noinfo
                              • String ID:
                              • API String ID: 3215553584-0
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: FileFindNext
                              • String ID:
                              • API String ID: 2029273394-0
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: AllocHeap
                              • String ID:
                              • API String ID: 4292702814-0
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: AllocHeap
                              • String ID:
                              • API String ID: 4292702814-0
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: Internet$CloseFileHandleOpenRead
                              • String ID: File Downloader
                              • API String ID: 4038090926-3631955488
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                              • String ID:
                              • API String ID: 2591520935-0
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: __std_exception_destroy
                              • String ID: value
                              • API String ID: 2453523683-494360628
                              APIs
                              Strings
                              • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00000001400BB957
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: DebugDebuggerErrorLastOutputPresentString
                              • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                              • API String ID: 389471666-631824599
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                              • String ID:
                              • API String ID: 2933794660-0
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: InfoLocale
                              • String ID: GetLocaleInfoEx
                              • API String ID: 2299586839-2904428671
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: Value$ErrorLast$Heap$AllocFree
                              • String ID:
                              • API String ID: 570795689-0
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: Handle$File$ErrorInformationLast$Close__std_fs_open_handle$CreateFeaturePresentProcessor
                              • String ID:
                              • API String ID: 2221425841-0
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: ByteCharMultiStringWide
                              • String ID:
                              • API String ID: 2829165498-0
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: _invalid_parameter_noinfo
                              • String ID: UTF-16LEUNICODE$UTF-8$ccs
                              • API String ID: 3215553584-1196891531
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: std::_$GetcollLocinfo::_Locinfo_ctorLockitLockit::_
                              • String ID: bad locale name
                              • API String ID: 1287851536-1405518554
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: __std_exception_destroy
                              • String ID: at line $, column
                              • API String ID: 2453523683-191570568
                              APIs
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: AddressHandleModuleProc
                              • String ID: GetTempPath2W$kernel32.dll
                              • API String ID: 1646373207-1846531799
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: ConsoleErrorLastMode
                              • String ID:
                              • API String ID: 953036326-0
                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.2202892025.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                              • API ID: ErrorFileHandleInformationLast
                              • String ID:
                              • API String ID: 275135790-0